Thanks for taking time to find a solution.

1. Location of log files is /var/log/sssd , I just didn`t know that each section of sssd.conf file produced its own log file:


/var/log/sssd/sssd_<your.domain>.log
/var/log/sssd/sssd_nss.log

2. For the client side, here again the list of snapshots taken from my FreeBSD VM when I installed necessary ports, maybe these snapshots will provide some additional info on sssd behavior:

clean_install
starting_sssd_install
krb5_choice_added_LDAP
openldap24-sasl-client_choice_added_FETCH_GSSAPI
cyrus-sasl2_choice_defaults
bind_choice_added_GSSAPI_MIT
sssd_installation_finished
sudo_installed_with_INSULTS_LDAP_SSSD
cyrus-sasl2-gssapi_choice_added_MIT
all_ports_installed_directories_created
all_configs_applied_sssd_started

3. For the server side, one thing that I had to do differently when adding the client to the server, is I used the "--force" option, as the server complained about the host not having a DNS A record (I don`t run DNS server on IPA server).

14-Oct-14 12:48, Fraser Tweedale пишет:
On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote:
With help from Alexander Bokovoy I found correct log destinations:

sssd-domain-log:
https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log

These files are from my second Fedora - FreeBSD setup, they have different
domain name, but everything else is identical.

Interestingly enough, there are lines in sssd_nss.log telling that there are
no users or groups in the domain. But as I said, I can ssh to the IPA server
as an IPA user.

Hi Orkhan,

Thanks for the logs.  What were their actual locations?

I'm going to try and reproduce your setup and see whether I get the
same outcome.  I have been building and installing the ports as
indicated in the forum post, and one thing I have noticed is that
there are a lot of configuration options on some of the important
ports - perhaps there was an important option that the author forgot
to mention.

It is the end of the day for me, but sssd is now installed so I
should let you know tomorrow whether I am running into the same
issues as you, or whether I find success.

(As a side node: once I get to a working setup I will create and
publish a pkg(8) repo with the needed ports built with the correct
options and make.conf variables.  This should make it easier and
certainly quicker to use FreeBSD as a FreeIPA client.)

Cheers,

Fraser

14-Oct-14 00:32, Lukas Slebodnik пишет:
On (13/10/14 20:33), Jakub Hrozek wrote:
On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
  Good day to everybody.
There`s a post on how to make a FreeBSD client work with a FreeIPA server:  
https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146
For some reason the instructions in that post don`t lead to a working solution.
Getent passwd/group return no data from the IPA server, although ldapsearch 
works fine.
I followed the instructions exactly (+ configured ldap.conf & started sssd) and 
didn`t get errors anywhere, all steps completed successfully.
My setup: 2 VMs, one is the FreeIPA server (on Fedora 20), the other is a 
FreeBSD client (on FreeBSD 10.0).
IPA server is configured as written in the IPA Quick Start Quide, it has no 
integrated DNS server.
Both VMs have identical /etc/hosts file:

::1                    localhost
127.0.0.1         localhost
192.168.1.10   ipa1.mydomain.com ipa1
192.168.1.30   bsd1.mydomain.com bsd1

Seems like some instructions in etc/nsswitch.conf file, like "group: files sss" and 
"passwd: files sss" have no effect.
Does anybody tried this setup, what could be wrong with it?
I can provide outputs of any commands if necessary.
If I shouldn`t have asked this question here, please advise me where to ask.
Any hint on what to do will be highly appreciated!
Hi,

I think SSSD logs would be the best start..

Put debug_level=7 into the [domain] section, restart SSSD and then check
out /var/log/sssd/*.log

"debug_level = 7" can be put into "nss" section as well.
Could you share your sssd configuration file /usr/local/etc/sssd.conf?

LS

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to