Jakub,
Resolved seems to be working (I swear restarting sssd and adding the debug line 
does some magic), the sssd performance blog worked out quite well.

I did not need to make any changes to my trust relationship, re-running the ad 
trust setup steps and restarting sssd did the trick.

Thank You!

----- Original Message -----
From: "Jakub Hrozek" <jhro...@redhat.com>
To: "Jake" <free...@jacobdevans.com>
Cc: freeipa-users@redhat.com
Sent: Thursday, August 4, 2016 3:48:14 AM
Subject: Re: [Freeipa-users] Login Troubles with Centos7 and external users 
(4.2.0-15.0.1.el7.centos.17)

On Wed, Aug 03, 2016 at 08:38:00PM -0400, Jake wrote:
> Thanks Jakub,
> turns out 'getent password usern...@legacy.example.org' only works on 1 of 
> the 4 ipa servers (the one I created the domain trust with).

OK, then we need to first fix all the servers before proceeding to the
clients.

> 
> I re-ran ipa-adtrust-install on them and no change, is there a similar post I 
> can follow to correct these & retrace my steps or does the trust need 
> configured on each.

For IPA:
    http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
For SSSD:
    https://fedorahosted.org/sssd/wiki/Troubleshooting

I would personally start with looking into the SSSD logs on the server
that is misbehaving.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to