>To see why the login fails it would be good to >know how you try to log in (I assume ssh) and which authentication method >is used (password, ssh key, Kerberos ticket). >Additionally the SSSD log files might be needed, most important here are the >logs from the PAM and PAC responders and the domain log.
Yes, this is SSH. There are a few hints in the log files on the client: sssd_ipa.middlebury.edu.log: (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 12 (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [sdap_process_result] (0x2000): Trace: sh[0xe7f410], connected[1], ops[0xe80680], ldap[0xe641d0] (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED] (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Protocol error(2), (null) (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [sdap_id_op_done] (0x4000): releasing operation connection (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158221,Account info lookup failed (Fri Mar 27 09:29:14 2015) [sssd[be[ipa.middlebury.edu]]] [sdap_process_result] (0x2000): Trace: sh[0xe7f410], connected[1], ops[(nil)], ldap[0xe641d0] Sssd_nss.log: (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x418850:1:ju...@middlebury.edu] (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [middlebury.edu][4097][1][name=juser] (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x6b5a10 (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x418850:1:ju...@middlebury.edu] (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x6b5a10 (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x6b0aa0 (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching. (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 1432158221 error message: Account info lookup failed (Fri Mar 27 09:29:14 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 1432158221, Account info lookup failed Will try to return what we have in cache (Fri Mar 27 09:29:14 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x418850:1:ju...@middlebury.edu] I don't see any errors in sssd_pam.log, sssd_pac.log, or sssd_ssh.log. Is this an indication that something is wrong with the trust relationship? If so, why is it happening on this client but not the other one? Any why are the servers working properly? David Guertin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
