[Freeipa-users] Issues creating trust with AD.

Sumit Bose sbose at redhat.com
Tue Feb 18 09:38:45 UTC 2014


On Tue, Feb 18, 2014 at 01:11:38AM +0200, Genadi Postrilko wrote:
> Thank you for the help!
> I have performed downgrade:
> 
> yum downgrade samba4*
> 
> [root@ipaserver1 ~]# rpm -qa | grep samb
> samba4-python-4.0.0-58.el6.rc4.x86_64
> samba4-winbind-4.0.0-58.el6.rc4.x86_64
> samba4-common-4.0.0-58.el6.rc4.x86_64
> samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64
> samba4-libs-4.0.0-58.el6.rc4.x86_64
> samba4-client-4.0.0-58.el6.rc4.x86_64
> samba4-4.0.0-58.el6.rc4.x86_64
> 
> And it worked !
> 
> *I am now able to perform login via "ssh" and su on to the ipaserver with
> AD users:*
> 
> [root@ipaserver1 ~]# su Genadi@ADEXAMPLE.COM
> sh-4.1$
> 
> *and wbinfo and getent return values:*
> 
> [root@ipaserver1 ~]# wbinfo -u
> ADEXAMPLE\administrator
> ADEXAMPLE\guest
> ADEXAMPLE\genadi
> ADEXAMPLE\krbtgt
> ADEXAMPLE\linux$
> ADEXAMPLE\daniel
> 
> [root@ipaserver1 ~]# wbinfo -g
> admins
> editors
> default smb group
> ad_users
> ADEXAMPLE\domain computers
> ADEXAMPLE\domain controllers
> ADEXAMPLE\schema admins
> ADEXAMPLE\enterprise admins
> ADEXAMPLE\domain admins
> ADEXAMPLE\domain users
> ADEXAMPLE\domain guests
> ADEXAMPLE\group policy creator owners
> ADEXAMPLE\read-only domain controllers
> ADEXAMPLE\enterprise read-only domain controllers
> ADEXAMPLE\dnsupdateproxy
> 
> [root@ipaserver1 ~]# getent passwd Genadi@ADEXAMPLE.COM
> genadi@adexample.com:*:699001000:699001000::/home/adexample.com/genadi:

Thanks a lot for confirming that -58 is working on the FreeIPA server.

> 
> *After this success, I have tried to execute a login on client machine
> (using AD user), but it did not work:*
> 
> [root@ipaclient1 ~]# su Genadi@ADEXAMPLE.COM
> su: user Genadi@ADEXAMPLE.COM does not exist
> 
> *Also wbinfo and getent do not return values:*
> 
> [root@ipaclient1 ~]# wbinfo -u
> [root@ipaclient1 ~]# wbinfo -g
> [root@ipaclient1 ~]# getent passwd Genadi@ADEXAMPLE.COM

Winbind is not running on the IPA client. SSSD running on the IPA client
uses an LDAP extended operation to get the basic data about AD users and
groups. Please try to restart SSSD on the client. If this does not help,
please send me the client's SSSD log files.

bye,
Sumit



