[Freeipa-users] really dumb question - is an IPA replica automatically a client as well?

Chris Dagdigian dag at sonsorol.org
Thu Dec 22 14:36:10 UTC 2016


Working on a messy multi-AD / multi-child-domain environment ...

Just deployed my 1st replica server after the v4.4 upgrade.

The IPA replica seems fine and "ipactl status" reports no issues. The 
webUI clearly shows all of the values/config that came over from the master.

However, the replica server does not resolve or enumerate any users in 
any of the trusted AD domains despite sssd.conf and krb5.conf being 
similar to the IPA master. No obvious errors or blocked traffic, although 
I have not yet enabled debug=10 logging.

Before I begin the standard krb5 and sssd troubleshooting I wanted to 
ask the dumb question first -- does an IPA replica automatically get 
enrolled as a managed client? Should I expect it to recognize the remote 
AD user IDs by default?

Chris