Roberto Cornacchia wrote:
> Hi Rob,
> 
> Yes, sssd is running and this is sssd.conf:
> 
> [domain/hq.example.com <http://hq.example.com>]
> debug_level=9
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = hq.example.com <http://hq.example.com>
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = meson.hq.example.com
> chpass_provider = ipa
> ipa_server = _srv_, ipa.hq.example.com
> ldap_tls_cacert = /etc/ipa/ca.crt
> [sssd]
> services = nss, sudo, pam, ssh
> config_file_version = 2
> 
> domains = hq.example.com
> [nss]
> homedir_substring = /home
> debug_level=9
> 
> [pam]
> 
> [sudo]
> 
> [autofs]
> 
> [ssh]
> 
> [pac]
> 
> [ifp]

Ok, that's good. Maybe authconfig didn't do the right thing. I'd add sss
to these values in /etc/nsswitch.conf, grepp'd from mine:

passwd:     files sss
shadow:     files sss
group:      files sss
services:   files sss
netgroup:   files sss
automount:  files sss
sudoers:    sss

You've got quite a mix of odd things happening during install. It seems
like DNS and firewall can be ruled out given that lots of other
operations are working fine, and you've confirmed that NTP works
pre-install.

I guess working on a cleanish system, the things I'd look for on both
client and server are the system logs to see if any errors are being
thrown to syslog or service-specific logs.

And I'd check for SELinux errors on the client if you're in enforcing mode.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to