On Wed, Jun 30, 2021 at 01:29:48PM +0200, Ronald Wimmer via FreeIPA-users wrote:
On 30.06.21 13:26, Sumit Bose via FreeIPA-users wrote:
> On Wed, Jun 30, 2021 at 12:13:54PM +0200, Ronald Wimmer via FreeIPA-users wrote:
> > Today I set up an IPA test web application in our IPA test environment. I
> > figured out that my AD user was resolved but the user of my colleague was
> > not. (getent passwd userA/userB)
> >
> > I stopped SSSD, cleared the cache with 'rm -rf /var/lib/sss/db/*' and
> > started SSSD again. After that I could not resolve any AD user. The sssd
> > logs showed a Network I/O error:
> >
> > ==> /var/log/sssd/sssd_ipatest.mydomain.at.log <==
> > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done]
> > (0x0040): ldap_extended_operation result: Operations error(1), Failed to
> > handle the request.
> > .
> > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done]
> > (0x0040): ldap_extended_operation failed, server logs might contain more
> > details.
>
> Hi,
>
> you should check on the IPA servers if the users and all the
> group-memberships can be resolved properly, i.e. 'id aduser@AD.DOMAIN'
> should display the user and all its groups with both name and ID. If
> some groups are only listed by GID you should check why the IPA server
> cannot resolve the name.

Resolving the users on an IPA server works properly.

Hi,

I'm afraid in this case you should point the client to a dedicated
server and check the SSSD nss logs for issues while the client is
sending the request to the server. If this does not give a hint then
enabling plugin debugging in the 389ds LDAP server might help.

bye,
Sumit
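
As an added example (not part of the thread and not FreeIPA or SSSD code): a small Python triage script that rejoins wrapped SSSD debug lines, as they look when pasted into mail, and lists the `ipa_s2n_exop_done` records that carry an LDAP result code. The sample input reuses the excerpt quoted above plus one constructed line; all function names are this example's own.

```python
import re

QUOTE = re.compile(r"^(?:>\s?)+")             # mail quote markers ("> > ")
START = re.compile(r"^\(\d{4}-\d{2}-\d{2} ")   # a record begins with a timestamp
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\): \[(?P<comp>.+?)\] \[(?P<func>\w+)\]\s+"
    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$")
RESULT = re.compile(r"result: (?P<name>[^(]+)\((?P<code>\d+)\)")

def parse_records(text):
    """Rejoin wrapped lines and split each SSSD debug record into fields."""
    chunks, cur = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        if line.startswith("==>"):             # tail(1) file header, not a record
            cur = None
            continue
        if START.match(line):
            cur = [line]
            chunks.append(cur)
        elif cur is not None:                  # continuation of a wrapped record
            cur.append(line)
    matches = (RECORD.match(" ".join(c)) for c in chunks)
    return [m.groupdict() for m in matches if m]

def exop_failures(text):
    """(timestamp, LDAP result name, LDAP result code) per failed exop record."""
    hits = []
    for rec in parse_records(text):
        res = RESULT.search(rec["msg"])
        if rec["func"] == "ipa_s2n_exop_done" and res:
            hits.append((rec["ts"], res["name"].strip(), int(res["code"])))
    return hits

# Excerpt from the thread above; the last record is constructed for the example.
SAMPLE = """\
> > ==> /var/log/sssd/sssd_ipatest.mydomain.at.log <==
> > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done]
> > (0x0040): ldap_extended_operation result: Operations error(1), Failed to
> > handle the request.
> > (2021-06-30 11:46:14): [be[ipatest.mydomain.at]] [ipa_s2n_exop_done]
> > (0x0040): ldap_extended_operation failed, server logs might contain more
> > details.
> > (2021-06-30 11:46:15): [be[ipatest.mydomain.at]] [example_other_func]
> > (0x0400): constructed unrelated line
"""

if __name__ == "__main__":
    for ts, name, code in exop_failures(SAMPLE):
        print(f"{ts}  LDAP result {code} ({name})")
```

The timestamps it reports give the window to look at in the server-side logs mentioned in the reply.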