I have a one-way trust configured to AD. It has been working for a long time but has
stopped and I can't track down what has happened.
`getent passwd user` works on users in IPA, but fails (nothing returned) on AD users.
**** Contents of sssd.conf on client:
[domain/ipa.domain.edu]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.domain.edu
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = test.ipa.domain.edu
chpass_provider = ipa
ipa_server = _srv_,ipa.ipa.grinnell.edu
ipa_server_mode = true
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_validate = False
debug_level=8
[sssd]
services = nss, sudo, pam, ssh
domains = ipa.domain.edu
[nss]
homedir_substring = /home
****
`ipa trustdomain-find` returns the trusted AD domain
I haven't found anything I can make sense of in the logs, but this might be a clue to
someone else:
**** From the sssd_ipa.domain.edu.log
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000): Domain ipa.domain.edu is Active
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000): Domain domain.edu is Active
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [ipa_srv_ad_acct_lookup_step] (0x0400): Looking up AD account
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000): Domain ipa.domain.edu is Active
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [sss_domain_get_state] (0x1000): Domain domain.edu is Active
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain domain.edu offline
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain domain.edu as inactive
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [dp_req_done] (0x0400): DP Request [Account #20]: Request handler finished [0]: Success
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #20]: Receiving request data.
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #20]: Finished. Success.
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #20]: Returning [Internal Error]: 3,22,Invalid argument
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::domain.edu:name=connerms@domain.edu] from reply table
****
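Added example, not part of the original post: a small triage script for an SSSD backend log at debug_level 8, which keeps only the failure-level records and the offline markings seen in the excerpt above. It assumes the record layout and timestamp style shown in this post; the function names `unwrap` and `triage` are hypothetical.

```python
import re

# Record layout on this page: (timestamp) [process] [function] (0xLEVEL): message
START_RE = re.compile(r"^\(\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}\) ")
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\)\s+\[(?P<proc>.+?)\]\s+\[(?P<func>\w+)\]\s+"
    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$"
)
FAILURE_MAX = 0x0080  # sssd.conf(5): 0x0010-0x0080 are the failure levels
OFFLINE_FUNCS = {"be_mark_dom_offline", "be_mark_subdom_offline"}  # seen in the post

def unwrap(text):
    """Rejoin records that a mail client wrapped across several lines."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if START_RE.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def triage(text):
    """Return (function, level, kind, message) for failures and offline marks."""
    hits = []
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            continue
        level = int(m["level"], 16)
        if m["func"] in OFFLINE_FUNCS:
            hits.append((m["func"], level, "offline", m["msg"]))
        elif level <= FAILURE_MAX:
            hits.append((m["func"], level, "failure", m["msg"]))
    return hits

# Excerpt copied from the post, mail wrapping left in place.
SAMPLE = """\
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [ipa_srv_ad_acct_lookup_step]
(0x0400): Looking up AD account
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [be_mark_dom_offline] (0x1000):
Marking subdomain
domain.edu offline
(Thu Feb 11 12:07:19 2021) [sssd[be[ipa.domain.edu]]] [ipa_srv_ad_acct_lookup_done]
(0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
"""

if __name__ == "__main__":
    for func, level, kind, msg in triage(SAMPLE):
        print(f"{kind:8} 0x{level:04x} {func}: {msg}")
```

Run over a full log, the output order shows which record precedes each offline marking, which is where the cause is usually logged.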