Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1318169
Created attachment 1136927 trust console log Description of problem: Tree-root domains in a trusted AD forest aren't marked as reachable via the forest root Version-Release number of selected component (if applicable): [root@host2 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) ipa-server-dns-4.2.0-15.el7_2.10.x86_64 ipa-server-trust-ad-4.2.0-15.el7_2.10.x86_64 ipa-server-4.2.0-15.el7_2.10.x86_64 sssd-1.13.0-40.el7_2.2.x86_64 How reproducible:Always Steps to Reproduce: 1. Setup forest i.e pne.qe 2. Setup child domain i.e chd.pne.qe 3. Setup a tree domain i.e test.qa 4. Installed IPA. ipa-adtrust-install 5. Setup two-way trust 6. Ensure child domain and tree-root domain is listed. 7. run id <username@tree-rootdomain> on IPA server Actual results: "id <username>" when executed on IPA server/client doesn't display users present in the tree domain. [root@host2 ~]# id user5@test.qa id: user5@test.qa: no such user [root@host2 ~]# id user6@test.qa id: user6@test.qa: no such user Expected results: id <username> output should display users present in the tree domain as well. Additional info: Attaching the console logs and sssd logs.
master:
ipa-4-3:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.2.5
Login to comment on this ticket.