Hash: SHA1

On 03/08/2011 02:43 PM, Steven Jones wrote:
> 8><------
> So how do I fault find? where do I start?
> ie Where do I start to look to determine why a user cannot login to a
> client via freeipa? 
> How can I be more clear? because so far the replies have been not very
> productive.

Steven, sorry you're having such a hard time with this. Let me see if I
can help point you in the right direction.

I'm trying to look at the history of this thread, but I'm coming into it
late, so please forgive me if I retread any ground that's already been

First, I need to verify that I understand the state from which you're
working. Have you installed FreeIPA from the jdennis.fedorapeople.org
yum repository?

What version of the RPM packages for freeipa-server, freeipa-client and
sssd do you have? (rpm -q)

I noticed that you mentioned in an earlier email that you were editing
nslcd.conf. This is not the preferred mechanism for setting up a FreeIPA
client (any more). We now use SSSD (and ipa-client-install should be
setting this up for you).

So what I need to see are the following configuration files:
1) /etc/nsswitch.conf
2) /etc/sssd/sssd.conf
3) /etc/pam.d/system-auth
4) /etc/pam.d/password-auth (if using GDM)

Also, to start debugging login problems, the best place to look is in
/var/log/secure, which should report any PAM modules that are denying
access to the account (and the reason why it's being denied).

Please provide us with the above information and we'll see what we can
do to get you up and running.

Also, for much faster triage and debugging, you can join the #freeipa
and/or #sssd IRC channels on the irc.freenode.net IRC server and speak
with us directly. My nick on those channels is 'sgallagh'.

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


Freeipa-users mailing list

Reply via email to