I have the same error.
I established two-way trust with AD which went fine.
Authentication with Kerberos to AD is working.
Since I have one test FreeIPA which is working correctly (relatively), I 
compared logs and pinpointed the problem to a strange LDAP search which FreeIPA 
is sending to the DC:
(&(sAMAccountName=domain\20admins)(objectClass=group)(sAMAccountName=*)(&(gidNumber=*)(!(gidNumber=0))))
This LDAP query is of course not working on AD. I don’t know why FreeIPA is 
sending this kind of query to AD in this case.
The only difference that I can think of in this case is that I didn’t establish 
the trust in two steps, but in one step from FreeIPA using the command switch 
--two-way=true.