Aha!
This (from the domain log) shed some light:
(Thu Jul 12 08:13:33 2018) [sssd[be[cs.grinnell.edu]]] [sdap_save_user]
(0x0400): Processing user slyme...@grinnell.edu
(Thu Jul 12 08:13:33 2018) [sssd[be[cs.grinnell.edu]]] [sdap_save_user]
(0x1000): Mapping user [slyme...@grinnell.edu]
On Wed, Jul 11, 2018 at 09:42:14PM -, Mike Conner via FreeIPA-users wrote:
> sssd_nss.log during attempted lookup of slyme...@grinnell.edu account:
> https://pastebin.com/gLFnhZ9s
This is somewhat helpful, at least this snippet:
(Wed Jul 11 16:33:22 2018) [sssd[nss]] [cache_req_search_cache]
sssd_nss.log during attempted lookup of slyme...@grinnell.edu account:
https://pastebin.com/gLFnhZ9s
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora
On Wed, Jul 11, 2018 at 09:07:41PM -, Mike Conner via FreeIPA-users wrote:
> No, the lookups fail on both the server and the client.
Can you post logs of a failing lookup on the server? You would add
debug_level to the [nss] and [domain] section in sssd.conf and run the
lookup..
No, the lookups fail on both the server and the client.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
On Wed, Jul 11, 2018 at 08:36:43PM -, Mike Conner via FreeIPA-users wrote:
> I have an issue where i've established the AD trust and am able to lookup
> my own account and about 30 others, but all others fail. I've compared
> AD attributes across accounts and can't find anything that is