On Wed, 18 Mar 2015, Gould, Joshua wrote:
On 3/18/15, 4:28 AM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:

On Wed, 18 Mar 2015, Gould, Joshua wrote:


I'll be happy to remove the AD section from the sssd.conf file and test
but I think there's more going on. The AD section was generated from the
IPA client install. I never manually added anything other than "pac" to
the services line under the [sssd] section and the two ldap_idmap_range
options.
Show your /var/log/ipaclient-install.log. ipa-client-install has no
support to generate sections for AD at all.

I think then it would have to be the “ipa trust-add” command which
generates those sections then? The command that I used was:
No, it is not. We don't have *any* code that could have generated that
section in FreeIPA.


# ipa trust-add --type=ad TEST.OSUWMC --admin=farus --password --range-type=ipa-ad-trust
Active Directory domain administrator's password:
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
likely it is a DNS or firewall issue


The trust was created even with that error message and seems to work.
Do you get something like

$ kdestroy -A
$ kinit admin
$ kvno -S cifs <hostname of AD DC>
$ klist -ef

working?

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
