On Fri, 15 Jun 2018, Lachlan Musicman via FreeIPA-users wrote:
CentOS 7.5
ipa --version VERSION: 4.5.4, API_VERSION: 2.228
When on my replica, and I use
ipa idoverrideuser-find 'Default Trust View' <user>
I get the expected results:
--------------------------
1 User ID override matched
--------------------------
Anchor to override: :SID:S-1-5-21-55386287-1424373824-1154838474-51686
User login: <user>
UID: 1503
GECOS: User Name
GID: 1503
Home directory: /home/uname
Login shell: /bin/bash
----------------------------
Number of entries returned 1
----------------------------
But when I do
id <user>
I get
id: uname: no such user
What have I done wrong?
I've also seen the error listed on this thread - could it be that my
replica is not a trust agent?
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Having read
https://bugzilla.redhat.com/show_bug.cgi?id=1206613
and
https://pagure.io/freeipa/issue/7410
I see that I can test this
[root@ipa-replica ~]# ipa server-show
Server name: ipa-master.company.com
Server name: ipa-master.company.com
Managed suffixes: domain, ca
Min domain level: 0
Max domain level: 1
Enabled server roles: CA server, NTP server, AD trust agent, AD trust controller
[root@ipa-replica ~]# ipa server-show
Server name: ipa-replica.company.com
Server name: ipa-replica.company.com
Managed suffixes: domain, ca
Min domain level: 0
Max domain level: 1
Enabled server roles: CA server, NTP server
It's not a trust agent or controller. I presume it should be? Yes, having
now read to the end of ticket 7410 I see that I should have set the replica
up with --setup-adtrust
No, you don't need that. You need it to be a trust agent, not a trust controller.
Exactly.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland