On Fri, Dec 3, 2021 at 10:18 AM tizo <tizone(a)gmail.com> wrote:
We have a test environment with a FreeIPA server with a cross-forest trust
with an AD (that is in fact a Samba AD DC). Both servers are Rocky Linux 8.
Everything works fine when we try to log in to the FreeIPA server with an
AD user (and with IPA users too). However, in another Rocky Linux 8 acting
as an IPA client, we cannot do that. In this case, we can log in with IPA
users (admin for example), but we cannot log in with AD users.
More details:
* "id userad@ad.xx.xx" and "getent passwd user@ad.xx.xx" are not working
  in IPA client.
* Both are working for IPA users in IPA client.
* "kinit userad@ad.xx.xx" is working in IPA client. It is also working
  for IPA users.
* Everything is working on IPA server.
Any help is appreciated,
tizo
Our mistake. The problem was that the principal group of the user we were
using did not exist (i.e., there wasn't a group with that GID).
Thanks very much!
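
A check for the condition reported in the reply above (a user whose primary GID has no matching group), added here as an example; it is not part of the thread's messages. The function names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: does a user's primary GID resolve to a group?
# Input is passwd(5)/group(5)-format text, as printed by getent.

# primary_gid PASSWD_LINE -> prints field 4 (the primary GID)
primary_gid() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 { print $4 }'
}

# group_for_gid GID GROUP_TEXT -> prints the name of the group with that GID
group_for_gid() {
    printf '%s\n' "$2" | awk -F: -v gid="$1" '$3 == gid { print $1; exit }'
}

# check_primary_group PASSWD_LINE GROUP_TEXT
# prints "ok <user> <gid> <group>" (returns 0), "missing <user> <gid>"
# (returns 1) or "malformed <user>" (returns 2)
check_primary_group() {
    user=${1%%:*}
    gid=$(primary_gid "$1")
    [ -n "$gid" ] || { echo "malformed $user"; return 2; }
    name=$(group_for_gid "$gid" "$2")
    if [ -n "$name" ]; then
        echo "ok $user $gid $name"
    else
        echo "missing $user $gid"
        return 1
    fi
}

# check_live USER: same check against the local NSS databases
check_live() {
    entry=$(getent passwd "$1") || { echo "unresolved $1"; return 2; }
    check_primary_group "$entry" "$(getent group "$(primary_gid "$entry")")"
}

# Constructed sample data (not taken from the thread): the user's primary
# GID 1234009999 has no entry in the group list.
SAMPLE_PASSWD='userad@ad.example.test:*:1234001105:1234009999:User AD:/home/ad.example.test/userad:/bin/bash'
SAMPLE_GROUPS='domain users@ad.example.test:*:1234000513:
admins:*:1234000512:'
```

`check_live` needs a host on which `getent passwd` returns the user; `check_primary_group` works on saved getent output from any host.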