On Mon, Jan 04, 2021 at 09:48:54AM -0800, Suchismita Panda via FreeIPA-users wrote:
Hi,
Thanks for the reply.
Yes the replica has been configured with AD Trust Agent. Any other pointer
would be really helpful.
Hi,
please add more log context, 's2n exop request failed.' might have
different reasons, e.g. timeouts, object was not found etc.
Does the 'id' for an AD user command fail on all clients? In this case
please check the output of the same 'id' command on the master or
replica if all groups can be resolved. If there is a GID in the output
without a matching group-name you should add a matching group so that
all groups can be resolved.
bye,
Sumit
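
One way to run the check described in the reply above, as an added example that is not part of the original thread: the hypothetical helper `unresolved_gids` reads a line of `id` output and prints every GID that has no group name after it. The sample line, user name and ID numbers are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). unresolved_gids is a hypothetical helper.
# Reads `id <user>` output on stdin and prints each numeric GID from the gid=
# and groups= fields that is not followed by a "(name)".
# Typical use on the master or replica:  id aduser@ad.example.test | unresolved_gids
unresolved_gids() {
    awk '
        function check(e) {
            if (e ~ /^uid=/) return               # the uid field is not a group
            sub(/^(gid|groups)=/, "", e)          # drop the field label
            if (e ~ /^[0-9]+$/ && !seen[e]++) print e
        }
        {
            # Walk the line character by character so that spaces or commas
            # inside a parenthesised name (e.g. "domain users") do not split it.
            depth = 0; entry = ""; n = length($0)
            for (i = 1; i <= n; i++) {
                c = substr($0, i, 1)
                if (c == "(") depth++
                else if (c == ")") depth--
                if ((c == "," || c == " ") && depth == 0) { check(entry); entry = "" }
                else entry = entry c
            }
            check(entry)
        }
    '
}

# Constructed sample: two supplementary GIDs come back without a group name.
sample='uid=1955001105(jdoe@ad.example.test) gid=1955001105(jdoe@ad.example.test) groups=1955001105(jdoe@ad.example.test),1955000513(domain users@ad.example.test),1955001234,1955005678'
printf '%s\n' "$sample" | unresolved_gids
```

Each GID printed is one that the server could not map to a group name, which is the condition the reply asks to look for.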
Thanks
Suchi
On Mon, Jan 4, 2021 at 12:47 AM Florence Blanc-Renaud via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> On 12/31/20 12:51 AM, Suchismita Panda via FreeIPA-users wrote:
> > Hi,
> >
> > We have a pair of FreeIPA servers (1 master and 1 replica)
> > Freeipa server version 4.6.8
> >
> > Recently when we are trying to enroll any new freeipa client to the
> > server, the installation goes successful, but AD user login does
> > not work. Even the client fails to retrieve AD user information using id
> > command. This works fine on the FreeIPA server.
> >
> Hi,
>
> Is the IdM replica configured as trust controller / trust agent or not
> configured with any trust role? If the replica is neither controller nor
> agent, this may explain the behavior that you are seeing. For more
> information please refer to the "Trust Controllers and Trust Agents"
> chapter [1].
>
> HTH,
> flo
>
> [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
> > Freeipa local user login is working fine on the client.
> >
> > There are other FreeIPA clients, where the AD user login is working
> > fine. We generally use Ansible to join FreeIPA. So the installation
> > process is also the same for all servers. Not sure why, recently it does
> > not work. Any advice would be really helpful.
> >
> > Freeipa client version 4.8.6
> >
> > In the logs mostly I am seeing below error -
> >
> > [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> >
> > Thanks
> > Suchi
> >
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> >