After I restarted SSSD, nothing changed - still cannot log in via ssh/su.
I have increased debug level to 6:
https://gist.github.com/anonymous/9081367
(krb5_child was empty)

Thank you.




2014-02-18 11:38 GMT+02:00 Sumit Bose <sb...@redhat.com>:

> On Tue, Feb 18, 2014 at 01:11:38AM +0200, Genadi Postrilko wrote:
> > Thank you for the help!
> > I have performed a downgrade:
> >
> > yum downgrade samba4*
> >
> > [root@ipaserver1 ~]# rpm -qa | grep samb
> > samba4-python-4.0.0-58.el6.rc4.x86_64
> > samba4-winbind-4.0.0-58.el6.rc4.x86_64
> > samba4-common-4.0.0-58.el6.rc4.x86_64
> > samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64
> > samba4-libs-4.0.0-58.el6.rc4.x86_64
> > samba4-client-4.0.0-58.el6.rc4.x86_64
> > samba4-4.0.0-58.el6.rc4.x86_64
> >
> > And it worked!
> >
> > *I am now able to perform login via "ssh" and su on to the ipaserver with
> > AD users:*
> >
> > [root@ipaserver1 ~]# su gen...@adexample.com
> > sh-4.1$
> >
> > *and wbinfo and getent return values:*
> >
> > [root@ipaserver1 ~]# wbinfo -u
> > ADEXAMPLE\administrator
> > ADEXAMPLE\guest
> > ADEXAMPLE\genadi
> > ADEXAMPLE\krbtgt
> > ADEXAMPLE\linux$
> > ADEXAMPLE\daniel
> >
> > [root@ipaserver1 ~]# wbinfo -g
> > admins
> > editors
> > default smb group
> > ad_users
> > ADEXAMPLE\domain computers
> > ADEXAMPLE\domain controllers
> > ADEXAMPLE\schema admins
> > ADEXAMPLE\enterprise admins
> > ADEXAMPLE\domain admins
> > ADEXAMPLE\domain users
> > ADEXAMPLE\domain guests
> > ADEXAMPLE\group policy creator owners
> > ADEXAMPLE\read-only domain controllers
> > ADEXAMPLE\enterprise read-only domain controllers
> > ADEXAMPLE\dnsupdateproxy
> >
> > [root@ipaserver1 ~]# getent passwd gen...@adexample.com
> > gen...@adexample.com:*:699001000:699001000::/home/adexample.com/genadi:
>
> Thanks a lot for confirming that -58 is working on the FreeIPA server.
>
> >
> > *After this success, I have tried to execute a login on client machine
> > (using AD user), but it did not work:*
> >
> > [root@ipaclient1 ~]# su gen...@adexample.com
> > su: user gen...@adexample.com does not exist
> >
> > *Also wbinfo and getent do not return values:*
> >
> > [root@ipaclient1 ~]# wbinfo -u
> > [root@ipaclient1 ~]# wbinfo -g
> > [root@ipaclient1 ~]# getent passwd gen...@adexample.com
>
> Winbind is not running on the IPA client. SSSD running on the IPA client
> uses an LDAP extended operation to get the basic data about AD users and
> groups. Please try to restart SSSD on the client. If this does not help,
> please send me the client's SSSD log files.
>
> bye,
> Sumit
>