[Freeipa-users] Clients are reading AD info inconsistently

[Guertin, David S.]

I have three IPA servers set up (master and two replicas) and they're all behaving normally. AD users can log in, AD group restrictions are honored, etc. Now I'm trying to set up clients, and running into problems. I have three clients set up, and all three behave differently.

On one of the clients, users can log in like they can on the servers. On the other two, users can't log in, but these two behave differently from each other.

Client 1 and servers (this is correct):

# id 'MIDD\juser'
uid=435021613(juser at middlebury.edu) gid=435021613(juser at middlebury.edu) groups=435021613(juser at middlebury.edu),435330225(computer science lab login at middlebury.edu),435231589(fmp_ms_eventschedule_users at middlebury.edu),435208664(miis labfiles everyone at middlebury.edu),435032463(mcms no rights at middlebury.edu),435000513(domain users at middlebury.edu),435286826(netoperators at middlebury.edu),435461517(ipa users at middlebury.edu<mailto:users at middlebury.edu>)

Client 2 (AD groups are not listed):

# id 'MIDD\juser'
uid=435021613(juser at middlebury.edu) gid=435021613(juser at middlebury.edu) groups=435021613(juser at middlebury.edu<mailto:juser at middlebury.edu>)

Client 3 (user not found):

# id 'MIDD\juser'
id: MIDD\juser: No such user

On each client I have cleared the sssd cache (rm -f /var/lib/sss/db/*) and restarted sssd, with no effect. I have also uninstalled and re-installed the client, also with no effect.

What else can I try?

David Guertin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150324/118f2b68/attachment.htm>