On Fri, Nov 20, 2015 at 04:44:38PM +0100, Karl Forner wrote:
> 
> My server runs ubuntu 14.04 and uses sssd 1.12.5-1~trusty1.
> The freeipa server runs inside a docker (an adelton/freeipa-server), and
> the docker host pretends to be the freeIPA server by forwarding the
> appropriate ports.

Is the Docker host the same machine that runs that sssd
1.12.5-1~trusty1 and that you try to ssh to?

Assuming it's the same machine, when you IPA-enrolled the host
machine, was Docker container's internal (172.*) IP address used or
the public interface of the host?

> I'm unable to connect using ssh onto it, using any kind of local or freeIPA
> accounts onto it.

What does ssh -v root@the-host say? Do you fail to connect or do you
fail to authenticate? How do you try to authenticate -- Kerberos ticket
(kinit on client) or using password on sshd prompt?

> The DNS server (provided by freeIPA) works kine though (i.e. nslookup
> server server works).

And does it return the correct IP address, the public address of the
host?

> Fortunately, I have the monit web app running on the server that allows to
> restart the ssh service.
> 
> After restarting ssh remotely. I am now able to connect to the server.
> It seems that all works fine again once I restart sssd on the server.

Do you restart the sshd service, sssd service, or both?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to