RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64

On the master, I get nothing

[root@ipa001 log]# getent passwd admin
[root@ipa001 log]#

But it works on the replica as expected

[root@ipa002nadev01 ~]# getent passwd admin
admin:*:1140000000:1110000000:Administrator:/home/admin:/bin/bash

I am used to using PADL / NSSWITCH with OpenLDAP and I am rather surprised that 
on both, 'getent passwd' and 'getent group' return only entries from local 
files but then again, I've never used sssd before.

Partial from /etc/sssd/sssd.conf
[domain/stt.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = stt.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipa001nadev01.stt.local
chpass_provider = ipa
ipa_server = ipa001nadev01.stt.local
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = stt.local
debug_level = 6

Shouldn't I be seeing both local files and IPA defined users with 'getent 
passwd' and IPA defined users with 'getent group' commands?

What could cause 'getent passwd admin' not to work on the master server now 
when I know I tested it when I first set it up and it worked?  I have done 
little more than import users and groups from OpenLDAP and configure HBAC, sudo 
stuff in the IPA web UI.

Craig White
System Administrator
O 623-201-8179   M 602-377-9752

[cid:image001.png@01CF86FE.42D51630]

SkyTouch Technology     4225 E. Windrose Dr.     Phoenix, AZ 85032

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to