On Thu, Jan 02, 2014 at 08:06:31PM +0000, Andrew Holway wrote: > /var/log/sssd/* > this is using bob@host (prattle.com is the windows domain) > https://gist.github.com/anonymous/ff817a251948ff58bdb1 > > this is using b...@prattle.com@host (prattle.com is the windows domain)
Thanks, these logs have somewhat more info than those in the other thread. It seems that Winbind on the IPA server has trouble talking to the AD server: (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa.wibble.com' as 'working' (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [set_server_common_status] (0x0100): Marking server 'ipa.wibble.com' as 'working' (Thu Jan 2 19:27:41 2014) [sssd[be[wibble.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. (The s2n exop does a special LDAP call to IPA which in turn calls winbind on the server). To generate the winbind logs on the server, can you do 'smbcontrol winbindd debug 100', then request the trusted user. The winbind logs would be at /var/log/samba/log.w* I'd advise to restart SSSD on the client before the test to get rid of the negative cache and make sure the request actually hits the server. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users