On Wed, 18 Mar 2015, Gould, Joshua wrote:
On 3/18/15, 4:28 AM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:

On Wed, 18 Mar 2015, Gould, Joshua wrote:

I¹ll be happy to remove the AD section from the sssd.conf file and test
but I think there¹s more going on. The AD section was generated from the
IPA client install. I never manually added anything other than ³pac² to
the services line under the [sssd] section and the two ldap_idmap_range
Show your /var/log/ipaclient-install.log. ipa-client-install has no
support to generate sections for AD at all.

I think then it would have to be the “ipa trust-add” command which
generates those sections then? The command that I used was:
No, it is not. We don't have *any* code that could have generated that
section in FreeIPA.

# ipa trust-add --type=ad TEST.OSUWMC ―-admin=farus ―password
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
likely it is a DNS or firewall issue

The trust was created even with that error message and seems to work.
Do you get something like

$ kdestroy -A
$ kinit admin
$ kvno -S cifs <hostname of AD DC>
$ klist -ef


/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to