[Freeipa-users] ipa-client auth with windomain account

Dmitri Pal dpal at redhat.com
Mon Sep 23 14:07:10 UTC 2013


On 09/20/2013 03:21 PM, Михаил А wrote:
> hi! TRUST OK!
> dig SRV _ldap._tcp.wiindomain-------ok win serv SRV
> dig SRV _ldap._tcp.ipadomain.wiindomain------ok serv SRV
> dns1:ipaserver1
> dns2:winserv1
> sorry for my english

Please do not reply to me directly, reply to the list.
This way people would be able to see and continue the conversation.
When I asked about DNS, I was asking about the relation between windows
DNS and IPA. AFAIU in the setup you delegate a DNS zone from AD DNS to
IPA. Is that the case?

Also on the client please change the debug_level in sssd.conf to 9 or
use a bitmask (see `man sssd.conf` on the client and search for
debug_level), restart sssd and provide sssd logs to the list. Do not
forget to sanitize them.

We will be able to see what is going on in SSSD and why it does not get
the user.
BTW, have you restarted SSSD after adding trust? If so sssd might not
yet know that the trust was added. We have a ticket about it. Please try
restarting SSSD.

Thanks
Dmitri
>
>
> 2013/9/20 Dmitri Pal <dpal at redhat.com>
>
>     On 09/18/2013 11:42 AM, Михаил А wrote:
>>     Hi,
>>      Do I need network access to ports from the ipa-client to the server-
>>      windows for authentication with windomain accounts?
>>      ipa-server fedora19
>>      ipa-client fedora19
>>      winserver win2012
>>      the ipa-client is located in another network
>>      within the network ipa-server, ipa-client and windows-server
>>      authentication works
>>      to the ipa-client:
>>      #id windomainuser at windomain
>>      id: windomainuser at windomain: No such user
>>      please tell me what I'm doing wrong
>>
>>
>>     _______________________________________________
>>     Freeipa-users mailing list
>>     Freeipa-users at redhat.com
>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>     We need to understand more about your setup.
>     Are you using trusts?
>     What is your DNS configuration?
>
>     Generally if you are using trusts then clients should be able to
>     resolve AD server and connect to it.
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager for IdM portfolio
>     Red Hat Inc.
>
>
>     -------------------------------
>     Looking to carve out IT costs?
>     www.redhat.com/carveoutcosts/
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

