> On 22 Apr 2016, at 19:21, Rakesh Rajasekharan <rakesh.rajasekha...@gmail.com> > wrote: > > Hi Jakub > > > the child only had that much info.. > > from the domain logs. it looks that it was able to resolve the master . > However, the ldap results say found nothing. > > I was earlier running an openldap client on this host and then migrated to > IPA. > > /etc/openldap/ldap.conf was still pointing to the older ldap master.. > > #File modified by ipa-client-install > > URI ldaps://older-ldap-master.com:636/ > BASE dc=xyz,dc=com > TLS_CACERT /etc/ipa/ca.crt > > TLS_CACERTDIR /etc/openldap/cacerts] > > I corrected that to point to IPA and noticed that getent passwd now > successfully lists all the users. > However, the authentication does not work yet. ( ldapsearch -x though shows > all the users ). > > I re-tested it now... > below is the domain log > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): start ldb > transaction (nesting: 3) > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed > event "ltdb_callback": 0x118fab0 > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed > event "ltdb_timeout": 0x11925f0 > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer > event 0x118fab0 "ltdb_callback" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying > timer event 0x11925f0 "ltdb_timeout" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer > event 0x118fab0 "ltdb_callback" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): cancel ldb > transaction (nesting: 3) > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb > transaction (nesting: 2) > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb > transaction (nesting: 1) > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_save_users] (0x4000): > User 0 processed! > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb > transaction (nesting: 0) > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_users_done] > (0x4000): Saving 1 Users - Done > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_done] (0x4000): > releasing operation connection > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed > event "ltdb_callback": 0x118fd20 > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed > event "ltdb_timeout": 0x1182770 > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer > event 0x118fd20 "ltdb_callback" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying > timer event 0x1182770 "ltdb_timeout" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer > event 0x118fd20 "ltdb_callback" > > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_connect_step] > (0x4000): reusing cached connection > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] > [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view > [Default Trust View] with filter > [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))]. > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_print_server] (0x2000): > Searching 10.0.4.175 > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with > [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))][cn=Default > Trust View,cn=views,cn=accounts,dc=xyz,dc=com]. > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] > (0x2000): ldap_search_ext called, msgid = 105 > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] > (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30] > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] > (0x2000): Trace: ldap_result found nothing! > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] > (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30 >
This log snippet is again completely unrelated to login. It just says there are no overrides applicable for this user. Please run: date; ssh $user@$host; date; and attach all logs between the two date outputs. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project