<html>
<head>
<meta content="text/html; charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/20/2013 03:21 PM, Михаил А wrote:
<blockquote
cite="mid:CALtTMp+NR7KxxG27ESxQtgwM8pFxF=k_62b184-c9TOztA0OiQ@mail.gmail.com"
type="cite">
<div dir="ltr">hi! TRUST OK!
<div>dig SRV _ldap._tcp.wiindomain-------ok win serv SRV</div>
<div>dig SRV _ldap._tcp.ipadomain.wiindomain------ok serv SRV<br>
</div>
<div>dns1:ipaserver1</div>
<div>dns2:winserv1</div>
<div>sorry for my english</div>
</div>
</blockquote>
<br>
Please do not reply to me directly, reply to the list.<br>
This way people would be able to see and continue the conversation.<br>
When I asked about DNS, I was asking about the relation between
windows DNS and IPA. AFAIU in the setup you delegate a DNS zone from
AD DNS to IPA. Is that the case?<br>
<br>
Also on the client please change the debug_level in sssd.conf to 9
or use a bitmask (see `man sssd.conf` on the client and search for
debug_level), restart sssd and provide sssd logs to the list. Do not
forget to sanitize them.<br>
<br>
We will be able to see what is going on in SSSD and why it does not
get the user.<br>
BTW, have you restarted SSSD after adding trust? If so sssd might
not yet know that the trust was added. We have a ticket about it.
Please try restarting SSSD.<br>
<br>
Thanks<br>
Dmitri<br>
<blockquote
cite="mid:CALtTMp+NR7KxxG27ESxQtgwM8pFxF=k_62b184-c9TOztA0OiQ@mail.gmail.com"
type="cite">
<div dir="ltr">
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/9/20 Dmitri Pal <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:dpal@redhat.com"
target="_blank">dpal@redhat.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5"> On 09/18/2013 11:42 AM, Михаил А wrote:
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>Hi,</div>
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">Do
I need network access to ports from the
ipa-client to the server-</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">windows
for authentication with windomain accounts?</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">ipa-server
fedora19</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">ipa-client
fedora19</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">winserver
win2012</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">the
ipa-client is located in another network</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">within
the network ipa-server, ipa-client and
windows-server</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">authentication
works</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">to
the ipa-client:</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">#id
windomainuser@windomain</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">id:
windomainuser@windomain: No such user</span><br
style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span
style="font-family:arial,sans-serif;font-size:12.727272033691406px">please
tell me what I'm doing wrong</span><br>
</div>
<br>
<br>
</div>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
We need to understand more about your setup.<br>
Are you using trusts?<br>
What is your DNS configuration?<br>
<br>
Generally if you are using trusts then clients should be
able to resolve AD server and connect to it.<span
class="HOEnZb"><font color="#888888"><br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
</pre>
</font></span></div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
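The log-collection steps requested in the reply above (raise debug_level to 9, restart SSSD, sanitize the logs before posting), as an added example that is not part of the original message. The function names, the placeholder tokens and the sample log lines are constructed for illustration; the domain names are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Domain names are the thread's placeholders;
# the log lines are constructed and are not real SSSD output.

# Print CONF with debug_level set to LEVEL in every [domain/...] section
# (assumption: the domain back end is the part being debugged).
# After installing the result: systemctl restart sssd; logs are in /var/log/sssd/.
set_debug_level() {
    awk -v lvl="$2" '
        function emit() { if (indom && !done) print "debug_level = " lvl }
        /^\[/ { emit(); indom = ($0 ~ /^\[domain\//); done = 0 }
        indom && /^[ \t]*debug_level[ \t]*=/ { print "debug_level = " lvl; done = 1; next }
        { print }
        END { emit() }
    ' "$1"
}

# Filter stdin: mask IPv4 addresses, then user@DOMAIN and bare DOMAIN for each
# argument, in lower and upper case (Kerberos realms are upper case).
# List subdomains before their parent so the longer name is replaced first.
sanitize_log() {
    script='s/[0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}/IP_REDACTED/g'
    n=0
    for d in "$@"; do
        n=$((n + 1))
        for name in "$d" "$(printf '%s' "$d" | tr 'a-z' 'A-Z')"; do
            esc=$(printf '%s' "$name" | sed 's/\./\\./g')
            script="$script
s/[A-Za-z0-9._-]*@$esc/USER@DOMAIN$n/g
s/$esc/DOMAIN$n/g"
        done
    done
    sed "$script"
}

# Constructed sample input (192.0.2.10 is a documentation address).
SAMPLE_LOG='(Fri Sep 20 15:30:01 2013) [be] resolving _ldap._tcp.windomain
(Fri Sep 20 15:30:02 2013) [be] connecting to 192.0.2.10 for realm WINDOMAIN
(Fri Sep 20 15:30:03 2013) [nss] lookup windomainuser@windomain in ipadomain.windomain'

printf '%s\n' "$SAMPLE_LOG" | sanitize_log ipadomain.windomain windomain
```

Review the sanitized output by eye before posting: the filter only masks the names it is given, so other hostnames, SIDs or user names in a level 9 log still need attention.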
</body>
</html>