[Freeipa-users] sssd options ignored?
Alexander Bokovoy
abokovoy at redhat.com
Wed Mar 18 13:48:47 UTC 2015
On Wed, 18 Mar 2015, Gould, Joshua wrote:
>On 3/18/15, 4:28 AM, "Alexander Bokovoy" <abokovoy at redhat.com> wrote:
>
>>On Wed, 18 Mar 2015, Gould, Joshua wrote:
>>>
>>>
>>>I¹ll be happy to remove the AD section from the sssd.conf file and test
>>>but I think there¹s more going on. The AD section was generated from the
>>>IPA client install. I never manually added anything other than ³pac² to
>>>the services line under the [sssd] section and the two ldap_idmap_range
>>>options.
>>Show your /var/log/ipaclient-install.log. ipa-client-install has no
>>support to generate sections for AD at all.
>
>I think then it would have to be the “ipa trust-add” command which
>generates those sections then? The command that I used was:
No, it is not. We don't have *any* code that could have generated that
section in FreeIPA.
># ipa trust-add --type=ad TEST.OSUWMC ―-admin=farus ―password
>--range-type=ipa-ad-trust
>Active Directory domain administrator's password:
>ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most
>likely it is a DNS or firewall issue
>
>
>The trust was created even with that error message and seems to work.
Do you get something like
$ kdestroy -A
$ kinit admin
$ kvno -S cifs <hostname of AD DC>
$ klist -ef
working?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list