[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-29 Thread Sumit Bose via FreeIPA-users
On Tue, Oct 29, 2019 at 02:37:50PM +, TOULMONDE Sébastien (SPC/DCS) via FreeIPA-users wrote: > Hi Sumit, > > I'll try to search if there's any duplicates, but it seems unlikely... > Nevertheless - this bug is only hit when the domain search order is null? Hi, no, changing the domain

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-29 Thread SPC/DCS
Hi Sumit, I'll try to search if there's any duplicates, but it seems unlikely... Nevertheless - this bug is only hit when the domain search order is null? Thanks, Seb. This e-mail cannot be used for other purposes than Proximus business use. See more on

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-29 Thread Sumit Bose via FreeIPA-users
On Tue, Oct 29, 2019 at 01:26:32PM +, TOULMONDE Sébastien (SPC/DCS) via FreeIPA-users wrote: > Ok, so here’s the solution I found almost by accident… > > If I specify the domain search order to ‘ad.domain:ipa.domain’ -> the clients > can now resolve the external users > If, for whatever

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-29 Thread SPC/DCS
Ok, so here’s the solution I found almost by accident… If I specify the domain search order to ‘ad.domain:ipa.domain’ -> the clients can now resolve the external users If, for whatever reason, the search order is empty, the clients are back to ipa-only resolve… Hope it helps someone 

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-11 Thread S Toulmonde via FreeIPA-users
Sumit, Ok, so on the server and the client I've set the use_fully_qualified_names to True, restarted sssd and cleared the cache. On the client I did id aduser@ad.domain - logs are here: (Fri Oct 11 11:36:47 2019) [sssd[be[ipa.domain]]] [sbus_dispatch] (0x4000): dbus conn: 0x55ded6099250 (Fri

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-11 Thread Sumit Bose via FreeIPA-users
On Fri, Oct 11, 2019 at 07:55:51AM -, S Toulmonde via FreeIPA-users wrote: > Hi Sumit, > > I've tried all options: > use_fully_qualified_names = False on server and client, a matrix of > true/false, same issue... Hi, I'm sorry I wasn't clear. use_fully_qualified_names must be 'True' (or

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-11 Thread S Toulmonde via FreeIPA-users
Hi Sumit, I've tried all options: use_fully_qualified_names = False on server and client, a matrix of true/false, same issue... Thanks for your help! ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email

[Freeipa-users] Re: Can't resolve external users on clients, but I can on servers

2019-10-10 Thread Sumit Bose via FreeIPA-users
On Thu, Oct 10, 2019 at 10:21:12AM -, S Toulmonde via FreeIPA-users wrote: > Hi, I setup an IPA realm (under rhel7) with an trust relationship to a > Windows domain. All users in AD have an idoverride to override uid and gid. > Originally, everything was working like expected: servers could