On 10/27/2014 07:38 PM, Craig White wrote:
RHEL 6.5 -- new install
On the master, I get nothing
[root@ipa001 log]# getent passwd admin
But it works on the replica as expected
[root@ipa002nadev01 ~]# getent passwd admin
I am used to using PADL / NSSWITCH with OpenLDAP and I am rather
surprised that on both, 'getent passwd' and 'getent group' return only
entries from local files but then again, I've never used sssd before.
Partial from /etc/sssd/sssd.conf
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = stt.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipa001nadev01.stt.local
chpass_provider = ipa
ipa_server = ipa001nadev01.stt.local
ldap_tls_cacert = /etc/ipa/ca.crt
services = nss, sudo, pam, ssh
config_file_version = 2
domains = stt.local
debug_level = 6
Shouldn't I be seeing both local files and IPA defined users with
'getent passwd' and IPA defined users with 'getent group' commands?
What could cause 'getent passwd admin' not to work on the master
server now when I know I tested it when I first set it up and it
worked? I have done little more than import users and groups from
OpenLDAP and configure HBAC, sudo stuff in the IPA web UI.
Please check on master:
1. Installation logs. Client on the server is installed last and may be
there is something that went wrong at this stage but the rest of the
server is OK.
2. DNS. Can you resolve the host properly?
3. Firewall. Can you kinit admin or or do an ldap search?
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project