Hmmm, it suddenly started to work..... weird.

On both servers I changed
dns_lookup_realm = true (was false)
stopped sssd and cleared the sssd cache
rm /var/lib/sss/db/*
started sssd
and it works now.

But I find it hard to believe that was the cause.
Is there a cache involved somewhere?

Rob Verduijn

2016-01-28 13:26 GMT+01:00 Rob Verduijn <[email protected]>:
> Hello,
>
> I've set up an ipa-server with a one-way trust to a Windows 2012r2
> controller.
> All works on this server.
> I can log in with AD accounts on this server.
>
> I added an ipa replica, and checked it all worked.
>
> Now I tried
> ipa-trust-add --add-agents on the first ipa server.
> restarted ipa on both servers
>
> but this did not help
> then I did a
> ipa-adtrust-install on the second ipa server
> and a ipa trust-add --type=ad windows.domain
>
> all dns queries from the docs work
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#verify-dns-configuration
>
> I get both ipa servers returned in the queries.
> On the windows server and the ipa server.
>
> On the first ipaserver I can issue : id WINDOWS.DOMAIN\\ad-user
> and get an answer
> On the second I get : unknown user
>
> What could be the cause of this, why does the second server not do
> ad-authentication ?
>
> Rob Verduijn
