[Freeipa-users] Re: Replica can ipa-find but can't id

CentOS 7.5 ipa --version VERSION: 4.5.4, API_VERSION: 2.228 When on my replica, and I use ipa idoverrideuser-find 'Default Trust View' <user> I get the expected results: -------------------------- 1 User ID override matched -------------------------- Anchor to override: :SID:S-1-5-21-55386287-1424373824-1154838474-51686 User login: <user> UID: 1503 GECOS: User Name GID: 1503 Home directory: /home/uname Login shell: /bin/bash ---------------------------- Number of entries returned 1 ---------------------------- But when I do id <user> I get id: uname: no such user What have I done wrong? I've also seen the error listed on this thread - could it be that my replica is not a trust agent? https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... Having read https://bugzilla.redhat.com/show_bug.cgi?id=1206613 and https://pagure.io/freeipa/issue/7410 I see that I can test this [root@ipa-replica ~]# ipa server-show Server name: ipa-master.company.com Server name: ipa-master.company.com Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Enabled server roles: CA server, NTP server, AD trust agent, AD trust controller [root@ipa-replica ~]# ipa server-show Server name: ipa-replica.company.com Server name: ipa-replica.company.com Managed suffixes: domain, ca Min domain level: 0 Max domain level: 1 Enabled server roles: CA server, NTP server It's not a trust agent or controller. I presume it should be? Yes, having now read to the end of ticket 7410 I see that I should have set the replica up with --setup-adtrust

https://github.com/freeipa/freeipa/pull/1825 And from here https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... it looks like I need to run ipa-adtrust-install --add-agents on the master and follow the prompts?