It did. I just needed the motivation to figure out which version was correct. So I experimented on my own workstation this morning before anyone else got in and rolled out a corrected version.

Thanks for your help, everyone!

On 01/16/2014 11:52 AM, Jan Cholasta wrote:
I think you can just comment out the whole [domain/] section in sssd.conf and restart sssd. Does that solve the problem? If not, could you please post your sssd.conf here?

On 16.1.2014 11:21, Bret Wortman wrote:
Yes, though there should be only one. We ended up somehow with and and I'm not sure how to reduce us properly to just

Bret Wortman

On Jan 16, 2014, at 4:42 AM, Jan Cholasta <> wrote:

OK, there is definitely something going on in the client then. Are there multiple domains configured in sssd.conf?

On 15.1.2014 13:56, Bret Wortman wrote:
The fingerprint does match.

On 01/15/2014 03:33 AM, Jan Cholasta wrote:

On 14.1.2014 12:34, Bret Wortman wrote:
The key in /etc/ssh/ matches what's in IPA for the host in question. It should not have had any connectivity issues; it's
co-located with several of our IPA masters.

Can you also check if the MD5 fingerprint reported by ssh (e.g.
2a:1e:1c:87:33:44:fb:87:ab:6f:ee:80:d5:21:7e:ab in your original post)
matches the MD5 fingerprint for the host in IPA?

Jan Cholasta

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-users mailing list

Reply via email to