[Freeipa-users] ipa replica is ad trust controller but refuses ad users
Rob Verduijn
rob.verduijn at gmail.com
Thu Jan 28 12:26:42 UTC 2016
Hello,
I've set up an ipa-server with a one-way trust to a Windows 2012r2 controller.
All works on this server.
I can login with ad accounts on this server.
I added an ipa replica, and checked it all worked.
Now I tried
ipa-trust-add --add-agents on the first ipa server.
I restarted ipa on both servers,
but this did not help.
Then I did an
ipa-adtrust-install on the second ipa server
and an ipa trust-add --type=ad windows.domain
All DNS queries from the docs work:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration
I get both ipa servers returned in the queries,
on the Windows server and the ipa server.
On the first ipa server I can issue: id WINDOWS.DOMAIN\\ad-user
and get an answer.
On the second I get: unknown user
What could be the cause of this? Why does the second server not do
ad-authentication?
Rob Verduijn