On 18.11.20 09:46, Alexander Bokovoy wrote:
On Wed, 18 Nov 2020, Ronald Wimmer via FreeIPA-users wrote:
On 18.11.20 09:20, Ronald Wimmer via FreeIPA-users wrote:
After upgrading our IPA servers, AD user resolution seems to have stopped working.

id myADUser says:
id: ‘myADUser’: no such user

It might have something to do with:
sssctl domain-status org.mydomain.at
Online status: Offline

But why is it seen as offline?

In your original log you can see that ipa_s2n requests return an error.
Check SSSD logs on IPA masters that the client talks to. This all is
covered at https://sssd.io/docs/users/troubleshooting.html#common-ipa-provider-issues

As it turned out, I had to enable an encryption policy in order to allow the deprecated type RC4 for communication with AD.

This is done by issuing the following command (on every 8.3 server that needs to communicate with AD):
update-crypto-policies --set DEFAULT:AD-SUPPORT

Details can be found in the Ootpa Release Notes:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/8.3_release_notes/Red_Hat_Enterprise_Linux-8-8.3_Release_Notes-en-US.pdf

Cheers,
Ronald
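
Added example, not part of the original thread: a shell check that reports whether the AD-SUPPORT subpolicy is active and whether RC4 actually appears in the Kerberos permitted enctypes, useful for auditing which hosts carry the weakened policy. The function names and the sample config are constructed; the back-end path /etc/crypto-policies/back-ends/krb5.config is assumed to be where crypto-policies writes the krb5 settings on the host.

```shell
#!/bin/sh
# has_module POLICY MODULE: succeeds if MODULE is one of the colon-separated
# subpolicies of POLICY (e.g. "DEFAULT:AD-SUPPORT"). The base policy name
# before the first colon is not treated as a subpolicy.
has_module() {
    case "$1" in
        *:*) ;;
        *) return 1 ;;
    esac
    case ":${1#*:}:" in
        *":$2:"*) return 0 ;;
    esac
    return 1
}

# permits_rc4: reads a krb5 config snippet on stdin; succeeds if an active
# (uncommented) permitted_enctypes line lists an RC4 enctype.
permits_rc4() {
    grep -E '^[[:space:]]*permitted_enctypes[[:space:]]*=' |
        grep -Eqi 'arcfour-hmac|rc4-hmac'
}

# audit POLICY: krb5 config on stdin, one summary line on stdout.
audit() {
    cfg=$(cat)
    if has_module "$1" AD-SUPPORT; then mod=yes; else mod=no; fi
    if printf '%s\n' "$cfg" | permits_rc4; then rc4=yes; else rc4=no; fi
    echo "policy=$1 ad_support=$mod krb5_rc4=$rc4"
}

# sample_krb5 with|without: constructed sample of the krb5 back-end file.
sample_krb5() {
    enc="aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96"
    if [ "$1" = with ]; then enc="$enc arcfour-hmac-md5"; fi
    printf '[libdefaults]\npermitted_enctypes = %s\n' "$enc"
}

# Constructed input first, then the live host if the tool is present.
sample_krb5 with | audit "DEFAULT:AD-SUPPORT"
KRB5=/etc/crypto-policies/back-ends/krb5.config   # assumed path
if command -v update-crypto-policies >/dev/null 2>&1 && [ -r "$KRB5" ]; then
    audit "$(update-crypto-policies --show)" < "$KRB5"
fi
```

A host that reports ad_support=no but krb5_rc4=yes has RC4 enabled by some other means and is worth a closer look.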