Hi, Thanks for the reply.
Yes the replica has been configured with AD Trust Agent. Any other pointer would be really helpful. Thanks Suchi On Mon, Jan 4, 2021 at 12:47 AM Florence Blanc-Renaud via FreeIPA-users < [email protected]> wrote: > On 12/31/20 12:51 AM, Suchismita Panda via FreeIPA-users wrote: > > Hi, > > > > We have a pair of FreeIPA servers (1 master and 1 replica) > > Freeipa server version 4.6.8 > > > > Recently when we are trying to enroll any new freeipa client to the > > server, the installation goes successful, but AD user login does > > not work. Even the client fails to retrieve AD user information using id > > command. This works fine on the FreeIPA server. > > > Hi, > > Is the IdM replica configured as trust controller / trust agent or not > configured with any trust role? If the replica is neither controller not > agent, this may explain the behavior that you are seeing. For more > information please refer to the "Trust Controllers and Trust Agents" > chapter [1]. > > HTH, > flo > > [1] > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory-trust#trust-controller-agent > > Freeipa local user login is working fine on the client. > > > > There are other FreeIPA clients, where the AD user login is working > > fine. We generally use Ansible to join FreeIPA. So the installation > > process is also the same for all servers. Not sure why, recently it does > > not work. Any advice would be really helpful. > > > > Freeipa client version 4.8.6 > > > > In the logs mostly I am seeing below error - > > > > [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. > > > > Thanks > > Suchi > > > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > To unsubscribe send an email to > [email protected] > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
