Sorry, I forgot this. It works fine for the wibble.com linux domain. [r...@ipa.wibble.com log]# ldapsearch -x -ZZ -H ldap://localhost -b dc=prattle,dc=com # extended LDIF # # LDAPv3 # base <dc=prattle,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 3 result: 32 No such object
# numResponses: 1 On 2 January 2014 20:06, Andrew Holway <andrew.hol...@gmail.com> wrote: >> As for AD users we need to look at the client and see what is going on >> there. What is your client? Version and component? Is it using latest SSSD? >> If not additional steps might be needed. Please provide the details >> about the clients. Please start with trying AD users on the IPA server >> itself, looking at the logs and seeing what is going on. > > /var/log/secure > Jan 2 19:27:46 ipa sshd[8252]: pam_unix(sshd:auth): check pass; user unknown > Jan 2 19:27:46 ipa sshd[8252]: pam_succeed_if(sshd:auth): error > retrieving information about user b...@prattle.com > Jan 2 19:27:49 ipa sshd[8252]: Failed password for invalid user > b...@prattle.com from 192.168.202.12 port 51537 ssh2 > > /var/log/messages (not sure if related. this error is going off every 20s) > Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.895536, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'lsarpc' already registered on endpoint > Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896121, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'samr' already registered on endpoint > Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896616, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'netlogon' already registered on endpoint > Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.913794, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'lsarpc' already registered on endpoint > Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914377, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'samr' already registered on endpoint > Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914853, 0] > ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) > Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface > 'netlogon' already registered on endpoint > > /var/log/krb5kdc.log > Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes > {18 17 16 23}) 10.51.120.1: NEEDED_PREAUTH: > host/ipa.wibble....@wibble.com for krbtgt/wibble....@wibble.com, > Additional pre-authentication required > Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes > {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 > tkt=18 ses=18}, host/ipa.wibble....@wibble.com for > krbtgt/wibble....@wibble.com > Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): TGS_REQ (4 etypes > {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 > tkt=18 ses=18}, host/ipa.wibble....@wibble.com for > ldap/ipa.wibble....@wibble.com > > /var/log/sssd/* > this is using bob@host (prattle.com is the windows domain) > https://gist.github.com/anonymous/ff817a251948ff58bdb1 > > this is using b...@prattle.com@host (prattle.com is the windows domain) > https://gist.github.com/anonymous/885d8bfd6cf7d224de93 > > >> >> Thanks >> Dmitri >> >>> >>> Ta, >>> >>> Andrew >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager for IdM portfolio >> Red Hat Inc. >> >> >> ------------------------------- >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ >> >> >> _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users