hmmm
It suddenly started to work.....weird.

On both servers I changed  dns_lookup_realm = true (was false)
stoped sssd and cleared the sssd cache
rm /var/lib/sss/db/*
started sssd and it works now

But I find it hard to believe that was the cause.
Is there a cache involved somewhere ?

Rob Verduijn

2016-01-28 13:26 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>:
> Hello,
>
> I've set up an ipa-server with an one way trust to a windows 2012r2 
> controller.
> All works on this server.
> I can login with ad accounts on this server.
>
> I added an ipa replica, and checked it all worked.
>
> Now I tried
> ipa-trust-add --add-agents on the first ipa server.
> restarted ipa on both servers
>
> but this did not help
> then i did a
> ipa-adtrust-install on the second ipa server
> and a ipa trust-add --type=ad windows.domain
>
> all dns queries from the docs work
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration
>
> I get both ipa servers returned in the queries.
> On the windows server and the ipa server.
>
> On the first ipaserver I can issue : id WINDOWS.DOMAIN\\ad-user
> and get an answer
> On the second I get : unknown user
>
> What could be the cause of this, why does the second server not do
> ad-authentication ?
>
> Rob Verduijn

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to