On Mon, Oct 21, 2013 at 01:34:17PM -0400, Rob Crittenden wrote: > Andrew Holway wrote: > >>It is a bit strange that your ipa_domain and ipa_hostname are the same. I > >>think the domain should be just local. > >> > >>I'd run klist -kt /etc/krb5.keytab to see what principals are in there. > > > >ipa_hostname = 192-168-0-110.local > >ipa_server = _srv_, 192-168-0-100.local > > > >Hi, > > > >I'm a little confused. They are not the same and these values were > >created by the "ipa-client-install" utility. > > > >I think there is some extra magic needed so that I get get sudo > >working with ipa...The redhat docs are a little bit lacking for the > >less advanced... > > > >https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-ldap-sudo.html > > Sure, but first we need to make sssd talk to IPA at all, which it isn't. > > Like I said, it looks like your sssd configuration is wrong. You can > always un-enroll and re-enroll the client in order to reset things. > > rob
Sorry I didn't notice the sssd keyword until now. I think Rob is right, ipa_domain and ipa_hostname being the same seems wrong. Was this config generated by ipa-client-install at all? If you put debug_level=6 into the [domain] section of sssd.conf and restart the sssd, you'd be able to inspect more verbose debugging in /var/log/sssd/*.log But first I'd try re-enrolling the client as Rob says. You should end up with a valid sssd.conf _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
