Miguel Angel Coa M. via FreeIPA-users wrote: > Hello, > I'm connect my Centos 5.6 to IPA server (VERSION: 4.5.0). The connection > with ipa-client is ok, but i try login with ipa user from server client > but say "...... user does not exist" > > > [..................] > [root@av125 ~]# su - pruebas.sistemas > su: user pruebas.sistemas does not exist > [..................] > > I try restart sssd service but i have the next error: > > [..................] > [root@av125 ~]# /etc/init.d/sssd restart > Stopping sssd: cat: /var/run/sssd.pid: No such file or directory > [FAILED] > Starting sssd: [FAILED] > [..................] > > > > My config file are: > > 1. /etc/sssd/sssd.conf: > > [..................] > [sssd] > config_file_version = 2 > services = nss, pam, sudo, ssh > > domains = example.com <http://example.com> > [nss] > > [pam] > > > [domain/example.com <http://example.com>] > cache_credentials = True > krb5_store_password_if_offline = True > ipa_domain = example.com <http://example.com> > id_provider = ipa > auth_provider = ipa > access_provider = ipa > chpass_provider = ipa > ipa_dyndns_update = True > ipa_server = _srv_, im.example.com <http://im.example.com> > ldap_tls_cacert = /etc/ipa/ca.crt > debug_level = 9 > [..................] > > 2. /etc/nsswitch.conf > > [..................] > ... > ... > /sudoers: files ldap/ > [..................]/ > / > > > 3. sudo-ldap.conf > > [..................] > sudoers_debug 2 > binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com > bindpw passWD.. > > ssl start_tls > tls_cacert /etc/ipa/ca.crt > tls_checkpeer yes > > uri ldap://im.example.com <http://im.example.com> > sudoers_base ou=sudoers,dc=example,dc=com > [..................] > > 4. /etc/krb5.con > > [..................] > #File modified by ipa-client-install > > [libdefaults] > default_realm = EXAMPLE.COM <http://EXAMPLE.COM> > dns_lookup_realm = true > dns_lookup_kdc = true > rdns = false > ticket_lifetime = 24h > forwardable = yes > > [realms] > EXAMPLE.COM <http://EXAMPLE.COM> = { > pkinit_anchors = FILE:/etc/ipa/ca.crt > } > > [domain_realm] > .example.com <http://example.com> = EXAMPLE.COM <http://EXAMPLE.COM> > example.com <http://example.com> = EXAMPLE.COM <http://EXAMPLE.COM> > [..................] >
I'd start with https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org