-----BEGIN PGP SIGNED MESSAGE-----
On 03/10/2011 10:10 AM, Simo Sorce wrote:
> ----- Original Message -----
>> Steven Jones wrote:
>>> However I cant LDAP/Ipa authenticate still....on either
>>> So what next?
>> sssd handles logins, you can try turning up the log level on that
>> (though I suspect it wasn't the reboot that fixed this but
>> restarting sssd).
> If sssd was never used before then what was needed was a restart of
> the services using it (sshd, gdm), as nsswitch.conf is never re-read
> by glibc, you can't use the new users until those services are
> restarted after nsswitch.conf is modified.
> I think we also offer to restart the client after ipa-client-install
> exactly as a way to restart all services that may depend on picking
> up this change. That reboot is not necessary if you manually restart
> all services after that, but if you don't than you better do a reboot
> as we suggest.
>> As part of ipa-client-install sssd is restarted and tested via
>> 'getent passwd admin'. This should be visible in
>> /var/log/ipaclient-install.log. Did this command succeed?
> Even if this succeed, authentication via gdm or ssh can still fail
> until the services are restarted.
> Just pointing out this fact as a help point for other users testing
> ipa-client-install in future.
FYI, while this might be an issue for sshd, GDM actually has a
workaround for this and doesn't need a restart. GDM just forks and
exec's the 'id' command instead of calling getpwent directly.
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Freeipa-users mailing list