On pe, 16 elo 2019, Martijn Bakkes via FreeIPA-users wrote:
We have a one way trust set up on our IPA with our AD. ( IPA trusting AD ). I am able to add domain local groups as external member is an IPA group. However, when I try to add a domain global group I receive the error:
invalid 'trusted domain object': no trusted domain matched the specified flat name
Has anybody run in to this issue. I can only find this error referenced in cases where the trust wasn't working.
Without logs it is hard to say what you are seeing because domain local groups should not be mappable, for sure.
Please follow SSSD troubleshooting guide to produce SSSD debug logs for your attempt to map users: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html