On Mon, Jul 14, 2014 at 02:02:16PM -0300, tizo wrote:
> On Mon, Jul 14, 2014 at 5:57 AM, Jakub Hrozek <[email protected]> wrote:
>
> > On Fri, Jul 11, 2014 at 05:22:59PM -0300, tizo wrote:
> > > On Fri, Jul 11, 2014 at 4:54 PM, Dmitri Pal <[email protected]> wrote:
> > >
> > > > On 07/11/2014 03:27 PM, tizo wrote:
> > > >
> > > > On Fri, Jul 4, 2014 at 5:09 PM, tizo <[email protected]> wrote:
> > > >
> > > >> I have seen in
> > > >> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Trusts_and_Windows_Server_2003_R2
> > > >> that trusts can be configured with Windows Server 2003 R2.
> > > >>
> > > >> We have a Windows Server 2003 (not R2). Before starting to make some
> > > >> tests, does anyone know if trusts can be configured with this version of
> > > >> Windows Server 2003?
> > > >>
> > > >> Thanks very much.
> > > >>
> > > > As I have not received any answer, I decided to give it a try. I followed
> > > > the document step by step with our Windows 2003, and everything looks good,
> > > > except when I try to log in to the FreeIPA server with an AD user (ssh or
> > > > tty).
> > > >
> > > > Does anyone know how I could debug this problem?
> > > >
> > > >
> > > > Sorry that you did not get a response. It is a hot time, a lot of people
> > > > on vacation and we also got 4.0 just out of the door.
> > > >
> > > > Set debug_level to 10 in the sssd.conf. It will create a lot of output and
> > > > this might give you a hint of what is going on. From there you will see
> > > > whether the user is processed by SSSD or SSH is not configured and the user
> > > > does not hit SSSD at all (unlikely), and if the user is processed what the
> > > > problem is.
> > > >
> > > Thanks Dmitri. I set the debug_level to 10, and the file
> > > sssd_my.domain.com.log is telling something about the AD user trying to
> > > connect with SSH. I am sending it to you privately, because it contains
> > > some sensitive information.
> >
> > Hi,
> >
> > I realize you were following our own documentation, which originated
> > from this thread:
> > https://www.redhat.com/archives/freeipa-users/2013-June/msg00119.html
> >
> > Maybe it would be helpful to read it, too, at least to see how some other
> > users were setting up the trust and what their problems were.
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
> >
>
> Dmitri and Jakub, thanks very much for your help.
>
> Jakub, I took a look in the thread, but I couldn't find anything that could
> help us with our problem.
>
> I am attaching the logs from sssd with the sensitive information removed.
> Any help is really appreciated; I don't really know where I should continue
> searching for the problem.

Thanks, the logs don't show what the error is, but do tell us that the error
is on the server side:

> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [ipa_s2n_exop_send]
> (0x0400): Executing extended operation
> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [ipa_s2n_exop_send]
> (0x2000): ldap_extended_operation sent, msgid = 8
> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [sdap_process_result]
> (0x2000): Trace: sh[0x2293ed0], connected[1], ops[0x2293680], ldap[0x2293b40]
> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [sdap_process_message]
> (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [ipa_s2n_exop_done]
> (0x0400): ldap_extended_operation result: Operations error(1), (null)
> (Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] [ipa_s2n_get_user_done]
> (0x0040): s2n exop request failed.

What IPA version are you testing with? The debugging procedure differs for
versions with winbind on the server side and with sssd.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
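
Added example, not part of the original thread or of the FreeIPA/SSSD code: a small Python triage script for an SSSD domain log captured with debug_level raised as suggested above, which pulls out failed ipa_s2n extended operations like the one quoted in the reply. The sample lines are the thread's own log excerpt rejoined onto single lines; pairing a result with the most recent msgid sent for the same domain is an assumption of this script, since the result line itself carries no msgid.

```python
import re

# SSSD debug line layout: (timestamp) [sssd[be[domain]]] [function] (level): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)$"
)
SENT_RE = re.compile(r"ldap_extended_operation sent, msgid = (\d+)")
RESULT_RE = re.compile(r"ldap_extended_operation result: (.+?)\((\d+)\), (.*)$")


def find_s2n_failures(lines):
    """Return one record per ipa_s2n extended operation with a non-zero LDAP result."""
    last_msgid = {}  # domain -> msgid of the most recent request (assumed pairing)
    failures = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped fragments and non-backend log lines are skipped
        domain, func, msg = m["domain"], m["func"], m["msg"]
        if func == "ipa_s2n_exop_send":
            sent = SENT_RE.search(msg)
            if sent:
                last_msgid[domain] = int(sent.group(1))
        elif func == "ipa_s2n_exop_done":
            res = RESULT_RE.search(msg)
            if res and int(res.group(2)) != 0:
                failures.append({
                    "time": m["ts"],
                    "domain": domain,
                    "msgid": last_msgid.get(domain),
                    "code": int(res.group(2)),  # LDAP result code as logged by SSSD
                    "text": res.group(1).strip(),
                    "diagnostic": res.group(3),
                })
    return failures


# Log excerpt from the thread, rejoined onto single lines.
PREFIX = "(Fri Jul 11 17:19:27 2014) [sssd[be[lan.xxx.com.uy]]] "
SAMPLE = [
    PREFIX + "[ipa_s2n_exop_send] (0x0400): Executing extended operation",
    PREFIX + "[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 8",
    PREFIX + "[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]",
    PREFIX + "[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Operations error(1), (null)",
    PREFIX + "[ipa_s2n_get_user_done] (0x0040): s2n exop request failed.",
]

if __name__ == "__main__":
    for f in find_s2n_failures(SAMPLE):
        print("{time} {domain} msgid={msgid}: {text} ({code}) diag={diagnostic}".format(**f))
```

Run against the domain log (the sssd_my.domain.com.log file mentioned in the thread), each record gives a timestamp to look up in the IPA server's own logs, where the reply locates the error.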
