On Thu, Jan 09, 2014 at 10:14:20AM -0500, Ryan Chase wrote: > On 1/8/14 5:25 PM, Jakub Hrozek wrote: > >On Wed, Jan 08, 2014 at 03:12:35PM -0500, Ryan Chase wrote: > >>I've added a new user using the command "ipa user-add" from the ipa > >>server. I can see correct user information when I run the commands > >>"ipa user-show" and "ipa user-status". However, I cannot see the > >>user when I run "getent passwd username" or even "id username". When > >>I run "id username" I get, "no such user". > >> I feel this may be an issue with sssd, but I'm not 100% sure. > >>/etc/nsswitch.conf looks correct. > >> Any ideas? > >> > >>--Ryan > >> > >>IPA server is CentOS 6 running freeipa version 3.0.0 > > > >Hi Ryan, > > > >this indeed sounds like an issue with the SSSD. > > > >Given that you said nsswitch.conf looks OK, can you raise debug_level > >(let's start with 5 perhaps) in the [nss] and [domain/] sections, > >restart the SSSD and inspect the logs in /var/log/sssd/ for any errors? > > > >Is there anything in the syslog? Some errors, like invalid keytab are > >logged to the system logs as well as the SSSD debug logs. > > > > Below is a snip from the sssd log with debug_level=5 > This was an ssh attempt to the server. >
This log snippet is telling us about problems with keytab: > (Thu Jan 9 09:52:45 2014) [sssd[be[csl.local]]] [sdap_kinit_done] > (0x0100): Could not get TGT: 14 [Bad address] Perhaps /var/log/sssd/ldap_child.log would have more info? Can you kinit with your keytab (kinit -k or kinit -k host/$(hostname)) ? _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
