iulian roman via FreeIPA-users wrote:
> Hi everybody,
>
> I have an IPA setup with AD trust and when I added a new group in AD it is
> detected only on one ipa server (I have 2 ipa servers in replication mode).
> getent group correctly returns the group only on one IPA server, therefore
> only the ipa clients enrolled to that ipa server can see the group.
> In the sssd logs I can see the following error:
>
> [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such
> object(32), (null).
>
> If I try to add the AD group as external to an IPA group, by executing: ipa
> group-add-member ad_group --external "[email protected]"
> , I get the following error:
>
> member group: [email protected]: trusted domain object not found
>
> Any idea how can I solve or troubleshoot it?

Did you run ipa-adtrust-install on the other servers? They need to be configured as trust agents.

rob
