Ranbir via FreeIPA-users wrote:
> Hi All,
>
> I'm running a Rocky IdM domain with six masters. I have a one way trust
> configured with the AD domain. I can look up users in AD from the trust
> agents and controllers. So far so good.
>
> I'm now doing a typical client enrollment, which is something I've done
> many, many times before. The client install completes, but the messages
> below get output during the install/config:
>
> Principal is not set when enrolling with OTP; using principal
> '[email protected]' for 'getent passwd'
> Unable to find 'admin' user with 'getent passwd [email protected]'!
> Unable to reliably detect configuration. Check NSS setup manually.
>
> The end result is I can't look up trusted users in AD or the ipa domain.
> /etc/nsswitch.conf is also not configured like it normally is.
>
> I ran the install in verbose mode, which didn't reveal anything obvious
> either. :/
>
> I'm confused as to why it's even happening. I did a POC for everyone to
> prove freeipa will work for us and I didn't encounter any problems.
> Everything went as I expected it to. The one difference between the
> prod system I'm building now and the POC is that the trust for the POC
> ipa domain was with a different AD domain. I don't see how that could
> be affecting the install on this first client.
>
> Any tips/help would be appreciated.
>

Are the clients also running Rocky?

This means that SSSD can't look up users. Follow standard SSSD troubleshooting for more information.

The lookup failure isn't treated as fatal in case it is a transitive network issue. This also leaves the system more available for troubleshooting.

rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
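
An added example, not part of the original thread and not FreeIPA's own code: a shell check for the installer's "Check NSS setup manually" hint that reports which databases in an nsswitch.conf-style file do not list the `sss` module. Checking only `passwd` and `group` by default is an assumption, the function name is hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: find NSS databases that SSSD is not wired into.

# nss_missing_sss FILE [DB...]
# Prints one database name per line for every database (default: passwd
# and group, an assumption) whose entry is absent, commented out, or
# does not include the "sss" source.
nss_missing_sss() {
    file=$1
    shift
    [ $# -gt 0 ] || set -- passwd group
    for db in "$@"; do
        # Drop comments, make sure the colon is followed by a space,
        # then keep only the source list of the first matching entry.
        line=$(sed -e 's/#.*//' -e 's/:/: /' "$file" |
               awk -v key="$db:" '$1 == key { $1 = ""; print; exit }')
        case " $line " in
            *" sss "*) ;;                 # sss is one of the sources
            *) printf '%s\n' "$db" ;;     # missing entry or no sss
        esac
    done
}

# Constructed sample: passwd has no sss source, group does.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf fragment
passwd:     files systemd
group:      sss files systemd
EOF
nss_missing_sss "$sample"
rm -f "$sample"
```

On an enrolled client, run it against `/etc/nsswitch.conf`; any database it prints will not be answered by SSSD, which matches a failing `getent passwd` lookup for domain users.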
