On Срд, 18 чэр 2025, Cyrus via FreeIPA-users wrote:
Hello!
I'm having random login issues vía ssh (IPA managed servers, AD users) and
I realized that out of the two Free IPA servers, only one of them lists
winbibd and smb in "ipactl status"
Almost everything works on ipa02 (discovery vía DNS, kerberos via kinit)
but user resolution fails (id/getent)
Should I setup trust in both servers?
No. Once trust is established, it does not need to be re-established.
What you need to do is to make sure your other replicas have trust agent
role.
Please read the documentation:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_trust_between_idm_and_ad/setting-up-a-trust_installing-trust-between-idm-and-ad#proc_creating-a-trust-agent_setting-up-a-trust
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
