For anyone that comes across this post, I figured out what happened and why this stopped working.
Early on, when deploying FreeIPA and building the AD trust, I had figured out that by nesting the AD group via ext_group into the IdM local Admin group and then creating ID View overrides for said AD accounts (no need to specify any specific POSIX user override values), it would pass Kerberos (kbtgt) auth via the auth header when using the IPA API from the CLI. During some clean-up I had removed those ID View user overrides, thus creating my own issue. :-(

Re-creating the ID View override entries for the AD users fixed the issue. You can also see the successful 200 POST from the AD user in /var/log/httpd/access_log