Hi,

A bit puzzled now. I have joined another 2k8r2 host to the AD domain that
is trusted by the IPA domain.

As AD\administrator I can ssh to the Linux host.

I create a bunch of AD users, standard members of 'Domain Users'. But I
cannot log in to the Linux host.

When I run wbinfo --online-status I get this:

# wbinfo --online-status
BUILTIN : online
IPA : online
AD : offline

# wbinfo --domain-info ad.asenjo.nx
Name              : AD
Alt_Name          : ad.asenjo.nx
SID               : S-1-5-21-2508008360-1834726910-79835928
Active Directory  : No
Native            : No
Primary           : No

# wbinfo --domain ad.asenjo.nx -u
With this last command I would expect to see all the users I created in the
AD.

# getent group ad_users
ad_users:*:642801446:administra...@ad.asenjo.nx

This tells me that the external group we created has only the AD
administrator in it, so it makes sense only this one is allowed. But I
checked the SID of the mapped group:

# ipa group-show ad_users_external
  Group name: ad_users_external
  Description: AD users external map
  Member of groups: ad_users
  External member: S-1-5-21-2508008360-1834726910-79835928-513

And it is the AD\Domain Users SID. I checked it on the Windows host because
wbinfo shows me no info:

[root@kdc ~]# wbinfo -n "AD\Domain Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name AD\Domain Users
[root@kdc ~]# wbinfo -s S-1-5-21-2508008360-1834726910-79835928-513
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-21-2508008360-1834726910-79835928-513
[root@kdc ~]# wbinfo -s S-1-5-21-2508008360-1834726910-79835928-513 -d ad.asenjo.nx
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-21-2508008360-1834726910-79835928-513

So how can I get the rest of the users in the group mapped?

TIA,

-- 
groet,
natxo