[Freeipa-users] wbinfo cannot pull Active Directory domain users
Alexander Bokovoy
abokovoy at redhat.com
Fri Jul 10 19:29:22 UTC 2015
On Fri, 10 Jul 2015, Angelo Pantano wrote:
>I have a freeipa server trusting an active directory domain, if I ssh to
>the ipa server everything works, but if I try to ssh on an ipa client the
>authentication fails.
>
>I noticed on the server that the wbinfo -n 'AD\Domain Users' is failing:
>
>failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>
>Also in the logs I see:
>
>log.winbindd-dc-connect: get_sorted_dc_list: attempting lookup for name
>ad.local (sitename NULL)
>
>everything else works though, I can getent users and group just fine.
>
>Can you please help me?
We don't use wbinfo and don't recommend it with FreeIPA AD trusts -- at
least with Fedora 18+ and RHEL7+. When your FreeIPA server is deployed
on those platforms, SSSD is used to resolve users, not winbindd.
Winbindd is only used to manage forest topology.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list