On 12/31/20 12:51 AM, Suchismita Panda via FreeIPA-users wrote:
Hi,

We have a pair of FreeIPA servers (1 master and 1 replica)
FreeIPA server version 4.6.8

Recently, when we try to enroll any new FreeIPA client to the server, the installation is successful, but AD user login does not work. Even the client fails to retrieve AD user information using the id command. This works fine on the FreeIPA server.

Hi,

Is the IdM replica configured as trust controller / trust agent or not configured with any trust role? If the replica is neither controller nor agent, this may explain the behavior that you are seeing. For more information please refer to the "Trust Controllers and Trust Agents" chapter [1].

HTH,
flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory-trust#trust-controller-agent

FreeIPA local user login is working fine on the client.

There are other FreeIPA clients, where the AD user login is working fine. We generally use Ansible to join FreeIPA. So the installation process is also the same for all servers. Not sure why, recently it does not work. Any advice would be really helpful.

FreeIPA client version 4.8.6

In the logs I am mostly seeing the error below -

[ipa_s2n_get_user_done] (0x0040): s2n exop request failed.

Thanks
Suchi

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
