> On Thu, Aug 22, 2019 at 01:11:28PM -0000, Martijn Bakkes via FreeIPA-users
> wrote:
>
> At this time the client will ask the server for the user data ...
>
>
> ... but this seems to be fast this time.
>
>
> Additionally SSSD tries to figure out which authenti
> On Wed, Aug 21, 2019 at 07:10:50PM -0000, Martijn Bakkes via FreeIPA-users
> wrote:
> ...
>
> Hi,
>
> here everything happened in 14:08:28, so there is no visible delay in the
> logs. Did you see a delay on the client for this attempt?
>
> Can you try again and
> On Wed, Aug 21, 2019 at 04:15:38PM -0000, Martijn Bakkes via FreeIPA-users
> wrote:
>
> Can you send me the versions of some related packages:
>
> rpm -qa sssd
> rpm -qa libtalloc
> rpm -qa libtdb
> rpm -qa libldb
> rpm -
> On Wed, Aug 21, 2019 at 01:57:30PM -0000, Martijn Bakkes via FreeIPA-users
> wrote:
> ...
> SSSD_NSS SERVER logs
> ...
> ...
>
> Those are lookups in the local cache and there should be even an index
> on those attributes. Is there an application on the I
sssd_nss logs from the client
(Wed Aug 21 09:01:09 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data
Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
(Wed Aug 21 09:01:09 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data
Provider returned an error
Thank you.
When I was getting the SSSD logs it pointed me to an ID range error. I had
adjusted the ID ranges as required but it turns out that sss_cache -E doesn't
properly clear the SSSD cache. After I deleted the cache files and restarted
SSSD I was able to add the global group to an external
> because domain local
> groups should not be mappable, for sure.
>
You're saying our IdM is functioning in a technically impossible way?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
We have a one way trust set up on our IPA with our AD. ( IPA trusting AD ).
I am able to add domain local groups as external member is an IPA group.
However, when I try to add a domain global group I receive the error:
invalid 'trusted domain object': no trusted domain matched the specified flat
