[Freeipa-users] Password-based authentication with AD users does not work

Ronald Wimmer ronaldw at ronzo.at
Mon Apr 10 09:49:05 UTC 2017


On 2017-04-07 10:28, Sumit Bose wrote:
> [...]
> I'm not aware of any limitation here. Have you tried to run 'ipa
> trust-fetch-domains ad.forest.root' to update the list?
>
> If this does not help please add 'log level = 100' to
> /usr/share/ipa/smb.conf.empty so that it looks like:
>
>      [global]
>      log level = 100
>
> and run trust-fetch-domains again. The debug output can then be found
> in /var/log/httpd/error_log. [...]

Not one error in the error_log - absolutely nothing. Our AD guys 
confirmed that there are many more UPN suffixes than the five I can see 
when I run ipa trust-find.

Can somebody confirm that this UPN suffix mismatch is exactly the 
problem preventing password-based login in my case?



