On Wed, 18 Mar 2015, Guertin, David S. wrote:
Wait, why do you have middlebury.edu section here at all? If middlebury is
trusted by csns.middlebury.edu, you should not have a separate
[domain/middlebury.edu] section at all!

That was in there because in my increasingly desperate attempts to get
this working, I actually read the documentation, and Section 2.4 of the
RHEL 7 Windows Integration Guide says to create a new domain section
for the Active Directory domain. Not knowing any better, I played
along.

I have removed that section, and now things are broken again. However,
the "Could not convert objectSID to a UNIX ID" problem is solved --
it's now breaking elsewhere, but I don't know where yet. I've set
debug_level = 10  everywhere, and don't see anything but success
messages in the logs, until the user is disconnected. I should probably
start another thread for that.
Yes, separating the issues would be better because we have more and more
people trying to follow threads in email archive in search of solutions
to their problems.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to