On Fri, Nov 20, 2015 at 04:44:38PM +0100, Karl Forner wrote: > > My server runs ubuntu 14.04 and uses sssd 1.12.5-1~trusty1. > The freeipa server runs inside a docker (an adelton/freeipa-server), and > the docker host pretends to be the freeIPA server by forwarding the > appropriate ports.
Is the Docker host the same machine that runs that sssd 1.12.5-1~trusty1 and that you try to ssh to? Assuming it's the same machine, when you IPA-enrolled the host machine, was Docker container's internal (172.*) IP address used or the public interface of the host? > I'm unable to connect using ssh onto it, using any kind of local or freeIPA > accounts onto it. What does ssh -v root@the-host say? Do you fail to connect or do you fail to authenticate? How do you try to authenticate -- Kerberos ticket (kinit on client) or using password on sshd prompt? > The DNS server (provided by freeIPA) works kine though (i.e. nslookup > server server works). And does it return the correct IP address, the public address of the host? > Fortunately, I have the monit web app running on the server that allows to > restart the ssh service. > > After restarting ssh remotely. I am now able to connect to the server. > It seems that all works fine again once I restart sssd on the server. Do you restart the sshd service, sssd service, or both? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
