On Fri, 10 Jul 2015, Angelo Pantano wrote:
I have a freeipa server trusting an active directory domain, if I ssh to
the ipa server everything works, but if I try to ssh on an ipa client the
authentication fails.

I noticed on the server that the wbinfo -n 'AD\Domain Users' is failing:

failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND

Also in the logs I see:

log.winbindd-dc-connect:  get_sorted_dc_list: attempting lookup for name
ad.local (sitename NULL)

everything else works though, I can getent users and group just fine.

Can you please help me?
We don't use wbinfo and don't recommend it with FreeIPA AD trusts -- at
least with Fedora 18+ and RHEL7+. When your FreeIPA server is deployed
on those platforms, SSSD is used to resolve users, not winbindd.
Winbindd is only used to manage forest topology.



--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to