[Freeipa-users] AD trust problem
Alexander Bokovoy
abokovoy at redhat.com
Fri Jun 5 11:19:05 UTC 2015
On Fri, 05 Jun 2015, Alexander Frolushkin wrote:
>1. Thank you for this information, but "offline domain" this is only a
>correlation fact - real problem is that a number of user groups of AD
>account missing.
wbinfo has nothing to do with the actual system state because we don't
use winbindd in RHEL 7 to resolve users/groups from trusted domains.
>2. sssd in debug mode showing only Doman Users group on hbac stage.
-EPARSE. Show logs or it did not happen :)
>Am I understanding correctly that currently on ipa server there is no
>way to check trusts or AD servers connectivity? Because it seems like
>problem is site-related, only servers in two regions have problem with
>AD user groups...
No, you are not understanding correctly. If you enable debugging
information in SSSD configuration, you'll see all what SSSD thinks about
connectivity towards AD DCs.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list