Hello, I've set up an ipa-server with a one-way trust to a Windows 2012r2 controller. All works on this server. I can log in with AD accounts on this server.
I added an IPA replica, and checked it all worked.

Now I tried ipa-trust-add --add-agents on the first IPA server and restarted IPA on both servers, but this did not help. Then I did an ipa-adtrust-install on the second IPA server and an ipa trust-add --type=ad windows.domain

All DNS queries from the docs work:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration
I get both IPA servers returned in the queries, on the Windows server and on the IPA server.

On the first IPA server I can issue:
id WINDOWS.DOMAIN\\ad-user
and get an answer.
On the second I get:
unknown user

What could be the cause of this? Why does the second server not do AD authentication?

Rob Verduijn