Looks like you have a negative result on the NSS query for that user
I tried a few other users as well, those on the local domain all worked, those on the second domain didn't.
You posted in the Express forum, are you working with the freemium version of the product?
We're using centrify express, not the commercial version.
What happens when you do an `adquery user -A qwertyuiop` ?
adquery user qwertyuiop
qwertyuiop is not a zone user
adquery user qwertyuiop -A
Error: No such user qwertyuiop
Can you tell me the OS/version
# cat /etc/oracle-release
Oracle Linux Server release 7.3
and show me the passwd line of the /etc/nsswitch.conf file?
passwd: centrifydc files sss
It's worth checking, but I think if this was an nsswitch problem, local domain users wouldn't work either.
Does this happen in some or all systems?
Some and not all the time. We had 1 system that would « forget » about a user and after some adflush, adquery, he usually came back but might disapear again later. For some unknown reason, the problem eventually stopped happening on that machine.
Is your AD normalized? (e.g. is there a quertyuiop in another domain in the forest)
We have 2 forests each with 1 domain. Each user is unique accross forests and domains (except for some admins account that we don't use on Linux).
What happens when you rebuild the cache (adflush --force) and wait?
I suspect this might fix the problem but it might come back later or appear on another machine. I'm trying to figure out why this happens and if it's possible to do something so it doesn't happen anymore.
Thanks a lot for your help.
↧
Re: domain trust not working all the time
↧