Hola,

We successfully installed ipa-server, and then successfully joined an AD in
a one way trust.
All in IPA are Centos 7.2 latest updates.

I can successfully get info from AD by using: $id username on the server.

I can successfully *join* the new ipa server with a client using
ipa-client-install. (both on stdout and /var/log/ipaclient-install look
good).

I have followed these instructions to add an external mapped group, an
internal group and a HBAC.

http://www.freeipa.org/page/Active_Directory_trust_setup


But, for some reason I can't then login to that client using AD
credentials.

In fact, on the client in question, all indicators are that the username
being used is "unknown". I see little to nothing in /var/log/sssd/*, a few
lines, late, in /var/log/dirsrv/slapd..../. Most of the live logging of
auth seems to be in /var/log/secure.

My feeling is that the client successfully joins, but then isn't using sssd
as it's authentication system.

Where should I start looking? The logs aren't showing me anything of note.
What should I test? How can I test?

I have had this working previously on a test domain, but it's hard to know
what I've done differently due to time and how long it took to get it
working last time.

Cheers
L.




------
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to