I have a newly installed OEL 7.1 server (7.0 DVD, then yum updated to 7.1)
The ipa-client is installed, making this server an ipa host.

> getent passwd xxxx

is successful for ipa users.  -->OK

However I cannot log on to the host with ipa users (direct or ssh). -->NOT


When logged on as root (local user), I can “su -“ to my ipa user. -->OK

"> systemctl status sssd" and "> kinit"

both show:

“Invalid UID in persistent keyring name while getting default cache.”

Having googled with this error, I saw some indications that it could be

related to the kernel.



For a fresh OEL install, the default kernel is the uek version. "Aha" I

thought, let’s change back to the standard RHEL kernel.

After a reboot with the RHEL kernel, I was still not able to log in with my

ipa user.

I then logged on as root, and changed to my ipa user via su.

> klist -l


KEYRING:persistent:93397:krb_cache_76B9lf2 (Expired)

I therefore deleted the key:

> kdestroy -A

Then I stopped the sssd service, and cleared the cache in /var/lib/sss/db/,

then restarted sssd

After that I was now able to log on with my ipa user (both direct and via


However I cannot get any other ipa users to logon to this host!  --> NOT OK

The same users can successfully logon to other ipa hosts in the same


My ipa user was the one used to enroll the host.

Any ideas?

sssd version = 1.12.2 58.el7_1.18

ipa-client version = 4.1.0 18.0.1.el7_1.4


Oracle Linux Server, with Unbreakable Enterprise Kernel


Oracle Linux Server, with Linux 3.10.0-229.20.1.el7.x86_64
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to