I have a IPA server, NFS4 Server sharing home directories with autofs and krb5p 
as only valid authentication.
Mail Postfix/Dovecot both with startTLS and GSSAPI.
All servers and clients are Red Hat 6.3 and updated with latest kernel and 
everything else.

If i start and log in locally as user1 on a IPA Client machine everything works 
perfect including mail and home directory initially.
I then start experience errors when trying to ssh other servers as ssh 
Nothing happens, no password question, nothing until i have to ctrl-c (tried 
leaving it overnight - still same).
Mail stops working, thunderbird complain about expired credentials.
If i use ssh as root to the server and then try either: su user1 or su - user1 
both get same result as ssh user1.
Sometimes a su have actually worked and i can browse to my mounted home 
directory but get permission denied when trying to access.
id works and permissions on home directory shows ok but can't access anyway.

The only thing i have found helping is to logout user1 on the client, login 
root and then ssh as user1.
In that case i get password question and it works with home directory.
If i logout root then, login user1 then mail, ssh and su works again for some 

I guess the credential renewal works in that case.

Firewalls turned off, tried setenforce=0 and autofs on debug log mode but find 

Even sshd logging on and verbose ssh shows nothing wrong.
It is like everything works but a expired ticket or something similar generate 
the error, tickets are new though and should be valid.

Only error messages i have been able to find is:

IPA server /var/log/messages show:
rpc.gssd[1116]: Error doing stat on file '/tmp/krb5cc_48'

automount[1197]: sasl_log_func:98: GSSAPI Error: Unspecified GSS failure. Minor 
code may provide more information (Ticket expired)

Anyone have a idea what this could be and how to solve it?

I am really thankful for any help.


Freeipa-users mailing list

Reply via email to