Roberto Cornacchia wrote:
> Hi Rob,
>
> Yes, sssd is running and this is sssd.conf:
>
> [domain/hq.example.com]
> debug_level=9
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = hq.example.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = meson.hq.example.com
> chpass_provider = ipa
> ipa_server = _srv_, ipa.hq.example.com
> ldap_tls_cacert = /etc/ipa/ca.crt
> [sssd]
> services = nss, sudo, pam, ssh
> config_file_version = 2
>
> domains = hq.example.com
> [nss]
> homedir_substring = /home
> debug_level=9
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> [ifp]

Ok, that's good. Maybe authconfig didn't do the right thing. I'd add sss to these values in /etc/nsswitch.conf, grepp'd from mine:

passwd:     files sss
shadow:     files sss
group:      files sss
services:   files sss
netgroup:   files sss
automount:  files sss
sudoers:    sss

You've got quite a mix of odd things happening during install. It seems like DNS and firewall can be ruled out given that lots of other operations are working fine, and you've confirmed that NTP works pre-install.

I guess working on a cleanish system, the things I'd look for on both client and server are the system logs to see if any errors are being thrown to syslog or service-specific logs. And I'd check for SELinux errors on the client if you're in enforcing mode.

rob
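
A check for the nsswitch.conf change suggested in the message above, as an added example that is not part of the original e-mail: it lists which of the named databases do not have sss as a source. The function name check_nsswitch_sss and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nsswitch.conf databases that lack the "sss" source.
# check_nsswitch_sss is a hypothetical helper; the database list is the one
# quoted in the message above.

check_nsswitch_sss() (
    # $1: path to an nsswitch.conf file (defaults to the system file)
    conf="${1:-/etc/nsswitch.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }
    set -f    # no globbing, so tokens like [NOTFOUND=return] stay literal
    missing=""
    for db in passwd shadow group services netgroup automount sudoers; do
        # First active (uncommented) line for this database, comments stripped
        line=$(sed -e 's/#.*//' "$conf" | grep -E "^[[:space:]]*${db}:" | head -n 1)
        sources=${line#*:}
        found=no
        for src in $sources; do
            if [ "$src" = "sss" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            missing="${missing}${missing:+ }${db}"
        fi
    done
    # Space-separated list of databases without sss; empty when all have it
    printf '%s\n' "$missing"
)

# Constructed sample file: sss present on some lines only, sudoers commented out
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files sss
shadow:     files
group:      files sss
services:   files
netgroup:   files sss   # trailing comment
automount:  files
#sudoers:   sss
EOF
echo "databases missing sss: $(check_nsswitch_sss "$sample")"
rm -f "$sample"
```

Run with no argument, the function reads /etc/nsswitch.conf on the client itself; an empty result means every listed database already includes sss.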
