Wow, that took me a long time to get to. Sorry to go incommunicado for so long.
I tried your plan and it seemed to work without any hiccup at all. I had an "id -a user" set to run every 0.2s and not even a single one missed. It also is definitely enrolled in the non-split part of the cluster. Before, ssh couldn't use GSSAPI for authentication or delegate credentials to the orphaned host, and that started working after the steps you provided. Thanks! This definitely looks like a possible viable solution. -- William Faulk -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
