Dragnell via FreeIPA-users wrote: > Hello everyone, an update on this, what I have tried so far: > 1 I create a replica without ad-trust, in an attempt to create a new > trust, but it fails with internal errors, as shown in the first post. > 2 Attempt, this time i create a new ipa server 4.9.6, this time trust > succeeded, but just as before any replica attempt show the following > "Replica DNS records could not be added on master: Insufficient access: > Insufficient 'add' privilege to add the entry" > The replica always succeed but none of them can see/add trusted object, > only the SID is show like this S-1-5-21-1928197126-2662744289-614098342-1854 > > Any idea where the problem could it be? or how to debug this further. > Thanks in advance
Did you setup trust agents? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-trust-between-idm-and-ad_installing-identity-management#proc_creating-a-trust-agent_setting-up-a-trust rob > > > El vie, 13 ago 2021 a las 19:19, Dragnell (<[email protected] > <mailto:[email protected]>>) escribió: > > hello there, for a couple of days now i have this scenarios where my > replicas couldn't find any trusted object and only show the SID of > the member of the external groups. So i destroy that and build a > replica from the master wich was the only one who could add and > remove trusted object, i deleted the old trust and unistall the old > master. (backup exist). However the new master from with i try to > create a new trust fail to do so with a internal error. > > Could any one take a look to this logs from > Thanks in advance. > Freeipa 4.9.2 > > > /var/log/htttp/error_log > debug 50 > https://paste.ubuntu.com/p/9yjRSMjP8V > <https://paste.ubuntu.com/p/9yjRSMjP8V/> > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
