On 2017-04-07 10:28, Sumit Bose wrote:
[...]
> I'm not aware of any limitation here. Have you tried to run 'ipa
> trust-fetch-domains ad.forest.root' to update the list?
>
> If this does not help please add 'log level = 100' to
> /usr/share/ipa/smb.conf.empty so that it looks like:
>
>      [global]
>      log level = 100
>
> and run trust-fetch-domains again. The debug output can then be found
> in /var/log/httpd/error_log. [...]

Not one error in the error_log - absolutely nothing. Our AD guys confirmed that there are many more UPN suffixes than the five I can see when I run ipa trust-find.

Can somebody confirm that this UPN suffix mismatch is exactly the problem preventing password-based login in my case?
