Sorry, I forgot this. It works fine for the wibble.com linux domain.
[r...@ipa.wibble.com log]# ldapsearch -x -ZZ -H ldap://localhost -b
dc=prattle,dc=com
# extended LDIF
#
# LDAPv3
# base <dc=prattle,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 3
result: 32 No such object
# numResponses: 1
On 2 January 2014 20:06, Andrew Holway <andrew.hol...@gmail.com> wrote:
>> As for AD users we need to look at the client and see what is going on
>> there. What is your client? Version and component? Is it using latest SSSD?
>> If not additional steps might be needed. Please provide the details
>> about the clients. Please start with trying AD users on the IPA server
>> itself, looking at the logs and seeing what is going on.
>
> /var/log/secure
> Jan 2 19:27:46 ipa sshd[8252]: pam_unix(sshd:auth): check pass; user unknown
> Jan 2 19:27:46 ipa sshd[8252]: pam_succeed_if(sshd:auth): error
> retrieving information about user b...@prattle.com
> Jan 2 19:27:49 ipa sshd[8252]: Failed password for invalid user
> b...@prattle.com from 192.168.202.12 port 51537 ssh2
>
> /var/log/messages (not sure if related. this error is going off every 20s)
> Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.895536, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'lsarpc' already registered on endpoint
> Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896121, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'samr' already registered on endpoint
> Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896616, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'netlogon' already registered on endpoint
> Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.913794, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'lsarpc' already registered on endpoint
> Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914377, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'samr' already registered on endpoint
> Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914853, 0]
> ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
> Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface
> 'netlogon' already registered on endpoint
>
> /var/log/krb5kdc.log
> Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes
> {18 17 16 23}) 10.51.120.1: NEEDED_PREAUTH:
> host/ipa.wibble....@wibble.com for krbtgt/wibble....@wibble.com,
> Additional pre-authentication required
> Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes
> {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18
> tkt=18 ses=18}, host/ipa.wibble....@wibble.com for
> krbtgt/wibble....@wibble.com
> Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): TGS_REQ (4 etypes
> {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18
> tkt=18 ses=18}, host/ipa.wibble....@wibble.com for
> ldap/ipa.wibble....@wibble.com
>
> /var/log/sssd/*
> this is using bob@host (prattle.com is the windows domain)
> https://gist.github.com/anonymous/ff817a251948ff58bdb1
>
> this is using b...@prattle.com@host (prattle.com is the windows domain)
> https://gist.github.com/anonymous/885d8bfd6cf7d224de93
>
>
>>
>> Thanks
>> Dmitri
>>
>>>
>>> Ta,
>>>
>>> Andrew
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
