[Freeipa-users] client cannot authenticate or su

Sun, 03 Mar 2019 11:33:11 -0800 

Hi, 

I've installed ipa-client on my laptop without issues, it did found domain 
properly.
kinit connects to ipa but I am unable to su any user or even login:

(root)$ su my_user
su: user my_user does not exist

(root)$ cat /var/log/sssd/sssd_nss.log
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 0
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_set_plugin] (0x2000): CR 
#219: Setting "User by ID" plugin
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_send] (0x0400): CR #219: New 
request 'User by ID'
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_select_domains] (0x0400): CR 
#219: Performing a multi-domain search
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_domains] (0x0400): CR 
#219: Search will check the cache and check the data provider
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/DOM_LOCATE_TYPE/implicit_files/User by ID]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/DOM_LOCATE_TYPE/home.mydomain.com/User by ID]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_validate_domain_type] 
(0x2000): Request type POSIX-only for domain implicit_files type POSIX is valid
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_set_domain] (0x0400): CR 
#219: Using domain [implicit_files]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_send] (0x0400): CR 
#219: Looking up UID:0@implicit_files
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR 
#219: Checking negative cache for [UID:0@implicit_files]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/UID/implicit_files/0]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/UID/0]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR 
#219: [UID:0@implicit_files] does not exist (negative cache)
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_validate_domain_type] 
(0x2000): Request type POSIX-only for domain home.mydomain.com type POSIX is 
valid
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_set_domain] (0x0400): CR 
#219: Using domain [home.mydomain.com]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_send] (0x0400): CR 
#219: Looking up UID:[email protected]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR 
#219: Checking negative cache for [UID:[email protected]]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/UID/home.mydomain.com/0]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/UID/0]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR 
#219: [UID:[email protected]] does not exist (negative cache)
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [cache_req_process_result] (0x0400): CR 
#219: Finished: Not found
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [client_recv] (0x0200): Client 
disconnected!
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [client_close_fn] (0x2000): Terminated 
client [0x5565caddc630][31]
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [client_recv] (0x0200): Client 
disconnected!
(Sun Mar  3 09:54:41 2019) [sssd[nss]] [client_close_fn] (0x2000): Terminated 
client [0x5565cadddc60][30]

(root)$ id $my_user
uid=0(root) gid=0(root) groups=0(root) 
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

(root)$ kinit my_user
Password for [email protected]: 
(root)$ ipa user-find my_user
--------------
1 user matched
--------------
  User login: my_user
  First name: MyUserName
  Last name: MyUserSurname
  Home directory: /home/my_user
  Login shell: /bin/sh
  Principal name: [email protected]
  Principal alias: [email protected]
  Email address: [email protected], [email protected]
  UID: 1907400004
  GID: 1907400003
  SSH public key fingerprint: 
SHA256:############################################# [email protected] 
(ssh-rsa)
  Account disabled: False
----------------------------
Number of entries returned 1
----------------------------

I've cleared /var/lib/sss/db/*
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to