On Tue, Nov 11, 2014 at 07:52:22AM +0200, Alexander Bokovoy wrote: > On Mon, 10 Nov 2014, William Muriithi wrote: > >less /var/log/sssd/sssd_example.loc.log > > > >(Mon Nov 10 15:58:21 2014) [sssd[be[example.loc]]] [fo_set_port_status] > >(0x0100): Marking port 389 of server 'ipa3-yyz-int.example.loc' as 'working' > >(Mon Nov 10 15:58:21 2014) [sssd[be[example.loc]]] > >[set_server_common_status] (0x0100): Marking server > >'ipa3-yyz-int.example.loc' as 'working' > >(Mon Nov 10 16:01:44 2014) [sssd[be[example.loc]]] [be_get_account_info] > >(0x0100): Got request for [4097][1][name=wmuriithi] > >(Mon Nov 10 16:01:44 2014) [sssd[be[example.loc]]] [ipa_s2n_get_user_done] > >(0x0040): s2n exop request failed. > >(Mon Nov 10 16:01:44 2014) [sssd[be[example.loc]]] [acctinfo_callback] > >(0x0100): Request processed. Returned 3,1432158221,Account info lookup failed > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [be_get_account_info] > >(0x0100): Got request for [4097][1][name=wmuriithi] > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [ipa_s2n_get_user_done] > >(0x0040): s2n exop request failed. > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [acctinfo_callback] > >(0x0100): Request processed. Returned 3,1432158221,Account info lookup failed > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [be_get_account_info] > >(0x0100): Got request for [4097][1][name=wmuriithi] > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [ipa_s2n_get_user_done] > >(0x0040): s2n exop request failed. > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [acctinfo_callback] > >(0x0100): Request processed. Returned 3,1432158221,Account info lookup failed > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [be_get_account_info] > >(0x0100): Got request for [4097][1][name=wmuriithi] > >(Mon Nov 10 16:01:57 2014) [sssd[be[example.loc]]] [ipa_s2n_get_user_done] > >(0x0040): s2n exop request failed. > > > >Does this mean I have to recreate the trust relationship? I didn't get > >any error when I set up the trust last week and uncertain recreating > >the trust would help. Would highly appreciate any pointers on what > >would be best way forward. > 's2n exop request failed' above tells that communication to IPA master > didn't succeed in looking up AD users and groups. You need to enable > debug in sssd on IPA master and provide logs from there.
Can you resolve the user on the IPA master? Does ssh work in the IPA master? bye, Sumit > > -- > / Alexander Bokovoy > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
