Hi, I have a IPA server, NFS4 Server sharing home directories with autofs and krb5p as only valid authentication. Mail Postfix/Dovecot both with startTLS and GSSAPI. All servers and clients are Red Hat 6.3 and updated with latest kernel and everything else.
If i start and log in locally as user1 on a IPA Client machine everything works perfect including mail and home directory initially. I then start experience errors when trying to ssh other servers as ssh us...@mail.example.com. Nothing happens, no password question, nothing until i have to ctrl-c (tried leaving it overnight - still same). Mail stops working, thunderbird complain about expired credentials. If i use ssh as root to the server and then try either: su user1 or su - user1 both get same result as ssh user1. Sometimes a su have actually worked and i can browse to my mounted home directory but get permission denied when trying to access. id works and permissions on home directory shows ok but can't access anyway. The only thing i have found helping is to logout user1 on the client, login root and then ssh as user1. In that case i get password question and it works with home directory. If i logout root then, login user1 then mail, ssh and su works again for some time. I guess the credential renewal works in that case. Firewalls turned off, tried setenforce=0 and autofs on debug log mode but find nothing. Even sshd logging on and verbose ssh shows nothing wrong. It is like everything works but a expired ticket or something similar generate the error, tickets are new though and should be valid. Only error messages i have been able to find is: IPA server /var/log/messages show: rpc.gssd[1116]: Error doing stat on file '/tmp/krb5cc_48' automount[1197]: sasl_log_func:98: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired) Anyone have a idea what this could be and how to solve it? I am really thankful for any help. Regards, Johan.
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
