> Wait, why do you have middlebury.edu section here at all? If middlebury is
> trusted by csns.middlebury.edu, you should not have a separate
> [domain/middlebury.edu] section at all! 

That was in there because in my increasingly desperate attempts to get this 
working, I actually read the documentation, and Section 2.4 of the RHEL 7 
Windows Integration Guide says to create a new domain section for the Active 
Directory domain. Not knowing any better, I played along.

I have removed that section, and now things are broken again. However, the 
"Could not convert objectSID to a UNIX ID" problem is solved -- it's now 
breaking elsewhere, but I don't know where yet. I've set debug_level = 10  
everywhere, and don't see anything but success messages in the logs, until the 
user is disconnected. I should probably start another thread for that.

David Guertin

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to