I've set up an ipa-server with an one way trust to a windows 2012r2 controller.
All works on this server.
I can login with ad accounts on this server.

I added an ipa replica, and checked it all worked.

Now I tried
ipa-trust-add --add-agents on the first ipa server.
restarted ipa on both servers

but this did not help
then i did a
ipa-adtrust-install on the second ipa server
and a ipa trust-add --type=ad windows.domain

all dns queries from the docs work

I get both ipa servers returned in the queries.
On the windows server and the ipa server.

On the first ipaserver I can issue : id WINDOWS.DOMAIN\\ad-user
and get an answer
On the second I get : unknown user

What could be the cause of this, why does the second server not do
ad-authentication ?

Rob Verduijn

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to