Hola,

We successfully installed ipa-server, and then successfully joined an AD in a one way trust. All in IPA are CentOS 7.2 with the latest updates.

I can successfully get info from AD by using: $id username on the server. I can successfully *join* the new ipa server with a client using ipa-client-install. (Both stdout and /var/log/ipaclient-install look good.)

I have followed these instructions to add an external mapped group, an internal group and an HBAC.
http://www.freeipa.org/page/Active_Directory_trust_setup

But, for some reason, I can't then log in to that client using AD credentials. In fact, on the client in question, all indicators are that the username being used is "unknown". I see little to nothing in /var/log/sssd/*, a few lines, late, in /var/log/dirsrv/slapd..../. Most of the live logging of auth seems to be in /var/log/secure.

My feeling is that the client successfully joins, but then isn't using sssd as its authentication system.

Where should I start looking? The logs aren't showing me anything of note. What should I test? How can I test?

I have had this working previously on a test domain, but it's hard to know what I've done differently due to time and how long it took to get it working last time.

Cheers
L.

------
The most dangerous phrase in the language is, "We've always done it this way."
- Grace Hopper
