[Freeipa-users] AD trust relationship is established, but IPA cannot see AD users
Alexander Bokovoy
abokovoy at redhat.com
Tue Mar 3 17:42:31 UTC 2015
On Tue, 03 Mar 2015, Guertin, David S. wrote:
>> Can you show us your sssd.conf? When SSSD runs on IPA master it should
>> not use extdom (ipa_s2n_exop_send and friends) at all.
>
>Sure, here's my sssd.conf:
>
>[domain/csns.middlebury.edu]
>
>cache_credentials = True
>krb5_store_password_if_offline = True
>ipa_domain = csns.middlebury.edu
>id_provider = ipa
>auth_provider = ipa
>access_provider = ipa
>ipa_hostname = ipa1.csns.middlebury.edu
>chpass_provider = ipa
>ipa_server = ipa1.csns.middlebury.edu
>ldap_tls_cacert = /etc/ipa/ca.crt
>subdomains_provider = ipa
>debug_level = 10
>[sssd]
>services = nss, sudo, pam, ssh, pac
>config_file_version = 2
>debug_level = 5
>domains = csns.middlebury.edu
>[nss]
>homedir_substring = /home
>debug_level = 5
>[pam]
>debug_level = 10
>[sudo]
>debug_level = 5
>[autofs]
>debug_level = 5
>[ssh]
>debug_level = 5
>[pac]
>debug_level = 5
>[ifp]
>debug_level = 5
Ok, thanks.
I gather that you are running some version of RHEL 6.x (you never stated
your exact setup). What do you get with
wbinfo -m
wbinfo -i 'AD\user'
for some AD\user from active directory.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list