----- Original Message -----
> Steven Jones wrote:
> > Ok,
> >
> > However I cant LDAP/Ipa authenticate still....on either
> > client..........
> >
> > So what next?
> sssd handles logins, you can try turning up the log level on that
> (though I suspect it wasn't the reboot that fixed this but restarting
> sssd).

If sssd was never used before then what was needed was a restart of the 
services using it (sshd, gdm), as nsswitch.conf is never re-read by glibc, you 
can't use the new users until those services are restarted after nsswitch.conf 
is modified.

I think we also offer to restart the client after ipa-client-install exactly as 
a way to restart all services that may depend on picking up this change. That 
reboot is not necessary if you manually restart all services after that, but if 
you don't than you better do a reboot as we suggest.

> As part of ipa-client-install sssd is restarted and tested via 'getent
> passwd admin'. This should be visible in
> /var/log/ipaclient-install.log.
> Did this command succeed?

Even if this succeed, authentication via gdm or ssh can still fail until the 
services are restarted.

Just pointing out this fact as a help point for other users testing 
ipa-client-install in future.


Simo Sorce * Red Hat, Inc. * New York

Freeipa-users mailing list

Reply via email to