On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
> Thanks to both of you for the interest.
> Here's the info you asked:
> 1. Putting "debug_level = 7" either in [domain] or/and [nss] section
> of the /usr/local/etc/sssd/sssd.conf file gives nothing in the log.
> The log file located at /var/log/sssd/sssd.log is only populated with
> data when I make some errors in sssd.conf & sssd process fails to
> start. But that's the case only if I deliberately introduce some
> errors; with current configuration sssd starts successfully.

SSSD writes separate log files per each section, so you need to look at
/var/log/sssd/sssd_mydomain.com.log for [domain/mydomain.com] and
/var/log/sssd/sssd_nss.log for nss section.

> 3. The users created at the IPA server can't locally log in to the
> server, but it's possible to ssh to the server as an IPA user from the
> FreeBSD host. However, there are some interesting behaviors (again,
> this is what happens when just following the IPA Quick Start Guide for
> the server side & the post from FreeBSD forums for the client side):
> - home directories are not automatically created on the IPA server;
> - "id" command output shows correct uid, but the group of any IPA
> user doesn't show as "ipausers" - instead, the group name is the same
> as username, + something like

In FreeIPA in Fedora we switched off ipausers being a POSIX group.
FreeIPA supports POSIX and non-POSIX groups; the latter is for grouping
purposes as groups can be nested in FreeIPA. 'ipausers' is the group
every user is a member of but it is not a POSIX group anymore so it has
less effect on performance in large deployments (tens of thousands of
users in the same group).
So it is expected. The group named as a username is a user-private group
which is maintained automatically per each user. It has the same GID as
/ Alexander Bokovoy