<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"></style> </head> <body dir="ltr"> <div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;"> <p>Hello, </p> <p><br> </p> <p>We are running IPA version: 4.2.0, API_version: 2.156 on CentOS 7.2.1511 (Core)</p> <p><br> </p> <p><span style="font-size: 12pt;">Trust is configured with Windows 2008 R2 Enterprise Domain roottest1.com</span><br> </p> <p><br> </p> <p></p> <div>Below is output from ipa trustdomain-find</div> <div><br> </div> <div>Realm name: ROOTTEST1.COM</div> <div> Domain name: deluxetest1.com</div> <div> Domain NetBIOS name: DELUXETEST1</div> <div> Domain Security Identifier: S-1-5-21-254737954-3826080811-539560843</div> <div> Domain enabled: True</div> <div><br> </div> <div> Domain name: roottest1.com</div> <div> Domain NetBIOS name: ROOTTEST1</div> <div> Domain Security Identifier: S-1-5-21-3637171213-1932491363-3141112745</div> <div> Domain enabled: True</div> <div>----------------------------</div> <div>Number of entries returned 2</div> <div>----------------------------</div> <div><br> </div> <div>Users from roottest1.com domain work fine but users from deluxetest1.com domain can not authenticate. As root you can su to users from both domains and run id with the expected output. Below is output from running id from a user in each domain:</div> <div><br> </div> <div> <div>id t443167l@roottest1.com</div> <div>uid=908601177(t443167l@roottest1.com) gid=908601177(t443167l@roottest1.com) groups=908601177(t443167l@roottest1.com),908601174(hbac-on-root-global@roottest1.com),908601175(lsar-on-root-global@roottest1.com),908600513(domain users@roottest1.com),1114800007(hbac-on-root-global),1114800006(lsar-on-root-global)</div> <div><br> </div> <div> <div>id t443167@deluxetest1.com</div> <div>uid=959201836(t443167@deluxetest1.com) gid=959201836(t443167@deluxetest1.com) groups=959201836(t443167@deluxetest1.com),908601174(hbac-on-root-global@roottest1.com),908601175(lsar-on-root-global@roottest1.com),959202271(hbac-on-global@deluxetest1.com),959202270(lsar-on-global@deluxetest1.com),959200512(domain admins@deluxetest1.com),959200513(domain users@deluxetest1.com),1114800007(hbac-on-root-global),1114800006(lsar-on-root-global),1114800010(lsar-on-global),1114800009(hbac-on-global)</div> <div><br> </div> <div>I have tried to make the groups in AD universal groups and have the groups from deluxetest1 as members to the related groups in roottest1 with no change in the results. These groups can be seen in the output above.</div> <div><br> </div> <div>Is there a way to get users from deluxetest1.com domain to function with the same results as users from roottest1.com?</div> <div><br> </div> <div>Please let me know what other information you need.</div> <div><br> </div> <div>Thanks!</div> </div> <div><br> </div> </div> <p></p> <p><br> </p> <div id="Signature"> <div id="divtagdefaultwrapper" style="color:rgb(0,0,0); font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; background-color:rgb(255,255,255)"> <p><i>Roger Kimery</i></p> <p>Tech. Solutions Integration Engineer</p> <p><b><font color="#ff0000">D</font>eluxe Rewards</b> </p> <p>44747 Helm Ct Plymouth, Mi. 48170<br> <b></b></p> <p><span><b></b></span></p> <div><span style="font-size:12px"><span style="color:rgb(68,68,68)"><a href="tel:877-706-4321" target="_blank" value="+18777064321" id="LPNoLP"><b><font color="#1155cc">877-706-4321</font></b></a><b> ext 314912</b></span></span><span style="font-size:12px"><br> </span></div> <br> <p></p> </div> </div> </div> </body> </html>