<div class="gmail_quote"><br>
</div>hi,<br><br>a bit puzzled now. I have joined another 2k8r2 host to the AD domain that is trusted by the ipa domain.<br><br>As AD\administrator I can ssh to the linux host.<br><br>I create a bunch of AD users, standard members of 'Domain Users'. But I cannot login to the linux host.<br>
<br>When I run wbinfo --online-status i get this:<br><br># wbinfo --online-status<br>BUILTIN : online<br>IPA : online<br>AD : offline<br><br># wbinfo --domain-info ad.asenjo.nx<br>Name : AD<br>Alt_Name : ad.asenjo.nx<br>
SID : S-1-5-21-2508008360-1834726910-79835928<br>Active Directory : No<br>Native : No<br>Primary : No<br><br># wbinfo --domain ad.asenjo.nx -u<br>With this last command I would expect to see all the users I created in the AD.<br>
<br># getent group ad_users<br>ad_users:*:642801446:administrator@ad.asenjo.nx<br><br>this tellms me that the external group we created has only the AD administrator in it, so It makes sense only this one is allowed. But I I checked the SID of the mapped group:<br>
<br># ipa group-show ad_users_external<br> Group name: ad_users_external<br> Description: AD users external map<br> Member of groups: ad_users<br> External member: S-1-5-21-2508008360-1834726910-79835928-513<br><br>And it is the AD\Domain Users sid, I checked it on the windows host because wbinfo shows me no info:<br>
<br>[root@kdc ~]# wbinfo -n "AD\Domain Users"<br>failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND<br>Could not lookup name AD\Domain Users<br>[root@kdc ~]# wbinfo -s S-1-5-21-2508008360-1834726910-79835928-513<br>
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND<br>Could not lookup sid S-1-5-21-2508008360-1834726910-79835928-513<br>[root@kdc ~]# wbinfo -s S-1-5-21-2508008360-1834726910-79835928-513 -d ad.asenjo.nx<br>failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND<br>
Could not lookup sid S-1-5-21-2508008360-1834726910-79835928-513<br><br>So how can I get the rest of the users in the group mapped?<br><br>TIA,<br><br>-- <br>groet,<br>natxo<br>