Hi Alexander,

But is it OK not to be a trust controller or trust agent? Is it a good idea to be a trust agent at least? How can I check both?
I can fetch the data regarding the trust from IPA on the replica server normally.

[root@ipa2 ~]# ipa trust-show
Realm name: ad.example.com
  Realm name: ad.example.com
  Domain NetBIOS name: EXAMPLE
  Domain Security Identifier: S-1-5-21-3644117338-1171143469-618167831
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  UPN suffixes: example.com, invalid.com

[root@ipa2 ~]# ipa trustdomain-find
Realm name: ad.example.com
  Domain name: ad.example.com
  Domain NetBIOS name: EXAMPLE
  Domain Security Identifier: S-1-5-21-3644117338-1171143469-618167831
  Domain enabled: True

Thank you.

> On 3 Jul 2020, at 04:20, Alexander Bokovoy <[email protected]> wrote:
>
> On Fri, 03 Jul 2020, Vinícius Ferrão via FreeIPA-users wrote:
>> Hello,
>> I have two FreeIPA servers with AD trust enabled. Usually I do everything
>> on the IPA #1 server, but I just observed that SIDs aren’t resolved on
>> the replica, is it normal?
>> I’m attaching a picture of the issue to illustrate it.
>> If this is not right, someone can help with debugging steps?
>> I observed that I can’t do getent passwd ferrao on the replica
>> either. Only on master:
>> [root@ipa1 ~]# getent passwd ferrao
>>
>> [email protected]:*:1499401105:1499401105:Vinícius
>> Ferrão:/home/ferrao:
>> [root@ipa2 ~]# getent passwd ferrao
>>
>
> Looks like the second server is neither trust controller nor trust
> agent.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
