CentOS 7.5 ipa --version VERSION: 4.5.4, API_VERSION: 2.228 When on my replica, and I use
ipa idoverrideuser-find 'Default Trust View' <user> I get the expected results: -------------------------- 1 User ID override matched -------------------------- Anchor to override: :SID:S-1-5-21-55386287-1424373824-1154838474-51686 User login: <user> UID: 1503 GECOS: User Name GID: 1503 Home directory: /home/uname Login shell: /bin/bash ---------------------------- Number of entries returned 1 ---------------------------- But when I do id <user> I get id: uname: no such user What have I done wrong? I've also seen the error listed on this thread - could it be that my replica is not a trust agent? https://lists.fedorahosted.org/archives/list/[email protected]/thread/6LDXSQW5H3CE44CVXPMK53FOMG4LBGYN/ Having read https://bugzilla.redhat.com/show_bug.cgi?id=1206613 and https://pagure.io/freeipa/issue/7410 I see that I can test this [root@ipa-replica ~]# ipa server-show Server name: ipa-master.company.com Server name: ipa-master.company.com Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Enabled server roles: CA server, NTP server, AD trust agent, AD trust controller [root@ipa-replica ~]# ipa server-show Server name: ipa-replica.company.com Server name: ipa-replica.company.com Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Enabled server roles: CA server, NTP server It's not a trust agent or controller. I presume it should be? Yes, having now read to the end of ticket 7410 I see that I should have set the replica up with --setup-adtrust https://github.com/freeipa/freeipa/pull/1825 And from here https://lists.fedorahosted.org/archives/list/[email protected]/thread/RLWBXYP6PPHGXMJZZNEAO6TF7BCB6EDS/ it looks like I need to run ipa-adtrust-install --add-agents on the master and follow the prompts? L.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/6JYX3XSTQNDHERTTIGRDYTZYPNSE2FBJ/
