On 2017-04-07 10:28, Sumit Bose wrote:
[...]
I'm not aware of any limitation here. Have you tried to run 'ipa
trust-fetch-domains ad.forest.root' to update the list?
If this does not help please add 'log level = 100' to
/usr/share/ipa/smb.conf.empty so that it looks like:
[global]
log level = 100
and run trust-fetch-domains again. The debug output can then be found
in /var/log/httpd/error_log. [...]
Not one error in the error_log - absolutely nothing. Our AD guys
confirmed that there are many more UPN suffixes than the five I can see
when I run ipa trust-find.
Can somebody confirm that this UPN suffix mismatch is exactly the
problem preventing password-based login in my case?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project