Re: [Freeipa-users] Forest trust and AD child domain

2014-12-17 Thread Manuel Lopes
Thanks Sumit This is indeed a bug. We encounter this issue when we try to add the group "domain users" or "domain admin" but it's working fine with a group that we have created as "users group". And only on the acme.windows.com child domain and not the windows.com domain Regards 2014-12-15 21:3

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Mon, Dec 15, 2014 at 05:38:05PM +0100, Manuel Lopes wrote: > Attached the sssd_linux.com.log file > > Regards Thank you, there is no request logged in the logs, did you run ipa group-add-member after restarting SSSD? Nevertheless I think I know what is happening, you hit an issue which should

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Mon, Dec 15, 2014 at 04:39:29PM +0100, Manuel Lopes wrote: > The file sssd_linux.com.log is empty. please add debug_level = 10 to the [domain/...] section in sssd.conf to enable logging for this part of SSSD. bye, Sumit > > > > 2014-12-15 15:42 GMT+01:00 Sumit Bose : > > > > On Sat, Dec 1

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Manuel Lopes
The file sssd_linux.com.log is empty. 2014-12-15 15:42 GMT+01:00 Sumit Bose : > > On Sat, Dec 13, 2014 at 02:13:30PM +0100, Manuel Lopes wrote: > > Hi, > > > > As explained in the previous email, the getent is successful. > > > > > > *[root@support1 ~]# getent group 'ACME\Domain Users' domain >

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Sat, Dec 13, 2014 at 02:13:30PM +0100, Manuel Lopes wrote: > Hi, > > As explained in the previous email, the getent is successful. > > > *[root@support1 ~]# getent group 'ACME\Domain Users' domain > us...@acme.windows.com:*:**365600513:administra...@acme.windows.com > <365600513%3aadministra.

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Sumit Bose
On Fri, Dec 12, 2014 at 08:41:27PM +0100, Manuel Lopes wrote: > [root@support1 ~]# ipa idrange-find > > 3 ranges matched > > Range name: LINUX.COM_id_range > First Posix ID of the range: 106600 > Number of IDs in the range: 20 > First RID of the correspondi

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Manuel Lopes
[root@support1 ~]# ipa idrange-find 3 ranges matched Range name: LINUX.COM_id_range First Posix ID of the range: 106600 Number of IDs in the range: 20 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 1

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Sumit Bose
On Fri, Dec 12, 2014 at 02:06:05AM +0100, Manuel Lopes wrote: > Hi Sumit, > > Thank you very much for the prompt reply > > [root@support1 ~]# ipa trustdomain-find windows.com > Domain name: windows.com > Domain NetBIOS name: WINDOWS > Domain Security Identifier: S-1-5-21-1701591335-38552273

[Freeipa-users] Forest trust and AD child domain

2014-12-11 Thread Manuel Lopes
Hi Sumit, Thank you very much for the prompt reply [root@support1 ~]# ipa trustdomain-find windows.com Domain name: windows.com Domain NetBIOS name: WINDOWS Domain Security Identifier: S-1-5-21-1701591335-3855227394-3044674468 Domain enabled: True Domain name: acme.windows.com Domain

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-11 Thread Sumit Bose
On Thu, Dec 11, 2014 at 06:45:49PM +0100, Manuel Lopes wrote: > Hello, > > > We have been following the AD integration guide for IPAv3: > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup > > > > Our setup is: > > • 2 domain controllers with Windows 2008 R2 AD DC -> windows.com >

[Freeipa-users] Forest trust and AD child domain

2014-12-11 Thread Manuel Lopes
Hello, We have been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup Our setup is: • 2 domain controllers with Windows 2008 R2 AD DC -> windows.com as Forest Root Domain and acme.windows.com