On Fri, Nov 20, 2015 at 04:44:38PM +0100, Karl Forner wrote:
> My server runs ubuntu 14.04 and uses sssd 1.12.5-1~trusty1.
> The freeipa server runs inside a docker (an adelton/freeipa-server), and
> the docker host pretends to be the freeIPA server by forwarding the
> appropriate ports.

Is the Docker host the same machine that runs that sssd
1.12.5-1~trusty1 and that you try to ssh to?

Assuming it's the same machine, when you IPA-enrolled the host
machine, was the Docker container's internal (172.*) IP address used or
the public interface of the host?

> I'm unable to connect using ssh onto it, using any kind of local or freeIPA
> accounts onto it.

What does ssh -v root@the-host say? Do you fail to connect or do you
fail to authenticate? How do you try to authenticate -- Kerberos ticket
(kinit on client) or using password on sshd prompt?

> The DNS server (provided by freeIPA) works fine though (i.e. nslookup
> server server works).

And does it return the correct IP address, the public address of the

> Fortunately, I have the monit web app running on the server that allows to
> restart the ssh service.
> After restarting ssh remotely, I am now able to connect to the server.
> It seems that all works fine again once I restart sssd on the server.

Do you restart the sshd service, sssd service, or both?

Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
