Re: [Freeipa-users] Forest trust and AD child domain

2014-12-17 Thread Manuel Lopes
Thanks Sumit This is indeed a bug. We encounter this issue when we try to add the group domain users or domain admin but it's working fine with a group that we have created as users group. And only on the acme.windows.com child domain and not the windows.com domain Regards 2014-12-15 21:35

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Sat, Dec 13, 2014 at 02:13:30PM +0100, Manuel Lopes wrote: Hi, As explained in the previous email, the getent is successful. *[root@support1 ~]# getent group 'ACME\Domain Users' domain us...@acme.windows.com:*:**365600513:administra...@acme.windows.com

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Manuel Lopes
The file sssd_linux.com.log is empty. 2014-12-15 15:42 GMT+01:00 Sumit Bose sb...@redhat.com: On Sat, Dec 13, 2014 at 02:13:30PM +0100, Manuel Lopes wrote: Hi, As explained in the previous email, the getent is successful. *[root@support1 ~]# getent group 'ACME\Domain Users' domain

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Mon, Dec 15, 2014 at 04:39:29PM +0100, Manuel Lopes wrote: The file sssd_linux.com.log is empty. please add debug_level = 10 to the [domain/...] section in sssd.conf to enable logging for this part of SSSD. bye, Sumit 2014-12-15 15:42 GMT+01:00 Sumit Bose sb...@redhat.com: On

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-15 Thread Sumit Bose
On Mon, Dec 15, 2014 at 05:38:05PM +0100, Manuel Lopes wrote: Attached the sssd_linux.com.log file Regards Thank you, there is no request logged in the logs, did you run ipa group-add-member after restarting SSSD? Nevertheless I think I know what is happening, you hit an issue which should be

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Sumit Bose
On Fri, Dec 12, 2014 at 02:06:05AM +0100, Manuel Lopes wrote: Hi Sumit, Thank you very much for the prompt reply [root@support1 ~]# ipa trustdomain-find windows.com Domain name: windows.com Domain NetBIOS name: WINDOWS Domain Security Identifier:

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Manuel Lopes
[root@support1 ~]# ipa idrange-find 3 ranges matched Range name: LINUX.COM_id_range First Posix ID of the range: 106600 Number of IDs in the range: 20 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 1

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-12 Thread Sumit Bose
On Fri, Dec 12, 2014 at 08:41:27PM +0100, Manuel Lopes wrote: [root@support1 ~]# ipa idrange-find 3 ranges matched Range name: LINUX.COM_id_range First Posix ID of the range: 106600 Number of IDs in the range: 20 First RID of the corresponding RID

Re: [Freeipa-users] Forest trust and AD child domain

2014-12-11 Thread Sumit Bose
On Thu, Dec 11, 2014 at 06:45:49PM +0100, Manuel Lopes wrote: Hello, We have been following the AD integration guide for IPAv3: http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup Our setup is: • 2 domain controllers with Windows 2008 R2 AD DC - windows.com