[Freeipa-users] Re: AD accounts unavailable from clients

2018-01-29 Thread Henrik Stigendal via FreeIPA-users
Hi and thank you, I’ve enabled debug on the IPA server, to me it looks like it’s trying to lookup the account in AD (testu...@corp2.ad2.test.net) but ends up looking for the username at the IPA-domain in the end? sssd_idm.test.net.log: https://pastebin.com/Az9kyiaK sssd_nss.log: https://pastebi

[Freeipa-users] Re: AD accounts unavailable from clients

2018-01-22 Thread Justin Stephenson via FreeIPA-users
If the trust was added successfully and IPA servers were promoted to Trust Controllers or Trust Agents with ipa-adtrust-install then you followed the necessary setup steps. The 's2n' log messages are client-specific requests made to the IPA server for AD trust user and group information. These