I have an IPA server, NFS4 server sharing home directories with autofs and krb5p
as the only valid authentication.
Mail is Postfix/Dovecot, both with STARTTLS and GSSAPI.
All servers and clients are Red Hat 6.3 and updated with latest kernel and
If I start and log in locally as user1 on an IPA client machine everything works
perfectly, including mail and home directory, initially.
I then start experiencing errors when trying to ssh to other servers as ssh
Nothing happens, no password question, nothing until I have to ctrl-c (tried
leaving it overnight - still the same).
Mail stops working, Thunderbird complains about expired credentials.
If I use ssh as root to the server and then try either: su user1 or su - user1
both get the same result as ssh user1.
Sometimes a su has actually worked and I can browse to my mounted home
directory but get permission denied when trying to access it.
id works and permissions on the home directory show ok but I can't access it anyway.
The only thing I have found that helps is to log out user1 on the client, log in
as root and then ssh as user1.
In that case I get the password question and it works with the home directory.
If I then log out root and log in user1, then mail, ssh and su work again for some
I guess the credential renewal works in that case.
Firewalls turned off, tried setenforce=0 and autofs on debug log mode but find
Even sshd logging on and verbose ssh shows nothing wrong.
It is like everything works but an expired ticket or something similar generates
the error; the tickets are new though and should be valid.
The only error messages I have been able to find are:
The IPA server's /var/log/messages shows:
rpc.gssd: Error doing stat on file '/tmp/krb5cc_48'
automount: sasl_log_func:98: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Ticket expired)
Does anyone have an idea what this could be and how to solve it?
I am really thankful for any help.
Freeipa-users mailing list