On Sun, May 15, 2016 at 11:11:27AM +1000, Lachlan Musicman wrote:
> We successfully installed ipa-server, and then successfully joined an AD in
> a one way trust.
> All in IPA are CentOS 7.2 latest updates.
> I can successfully get info from AD by using: $id username on the server.
> I can successfully *join* the new ipa server with a client using
> ipa-client-install. (both on stdout and /var/log/ipaclient-install look
> I have followed these instructions to add an external mapped group, an
> internal group and a HBAC.
> But, for some reason I can't then login to that client using AD
> In fact, on the client in question, all indicators are that the username
> being used is "unknown". I see little to nothing in /var/log/sssd/*, a few
> lines, late, in /var/log/dirsrv/slapd..../. Most of the live logging of
> auth seems to be in /var/log/secure.
SSSD doesn't log anything except critical failures by default. Please
follow https://fedorahosted.org/sssd/wiki/Troubleshooting to see what's
going on on the client.
> My feeling is that the client successfully joins, but then isn't using sssd
> as its authentication system.
> Where should I start looking? The logs aren't showing me anything of note.
> What should I test? How can I test?
> I have had this working previously on a test domain, but it's hard to know
> what I've done differently due to time and how long it took to get it
> working last time.
> The most dangerous phrase in the language is, "We've always done it this
> - Grace Hopper
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
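
Added example, not part of the original thread: a small offline check for the two things discussed above, whether each `sssd.conf` section has a `debug_level` (SSSD sets logging per section) and whether NSS and PAM on the client actually reference SSSD. The file contents are constructed samples and the function names are hypothetical; on a real client, read `/etc/sssd/sssd.conf`, `/etc/nsswitch.conf` and the relevant `/etc/pam.d` file instead.

```python
import configparser
import re

# Constructed sample inputs (not taken from the poster's client).
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
[nss]
[pam]
debug_level = 6
[domain/ipa.example.test]
id_provider = ipa
"""
SAMPLE_NSSWITCH = """\
passwd:     files
group:      files sss
"""
SAMPLE_PAM = """\
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
"""


def sections_without_debug(sssd_conf_text):
    """Return sssd.conf sections that have no debug_level set."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_conf_text)
    return [s for s in cp.sections() if not cp.has_option(s, "debug_level")]


def nss_maps_missing_sss(nsswitch_text, maps=("passwd", "group")):
    """Return the NSS maps whose source list does not include 'sss'."""
    found = {}
    for line in nsswitch_text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.*?)\s*(#.*)?$", line)
        if m:
            found[m.group(1)] = m.group(2).split()
    return [name for name in maps if "sss" not in found.get(name, [])]


def pam_uses_sss(pam_text):
    """True if any non-comment PAM line references pam_sss.so."""
    return any("pam_sss.so" in line for line in pam_text.splitlines()
               if not line.lstrip().startswith("#"))


if __name__ == "__main__":
    print(sections_without_debug(SAMPLE_SSSD_CONF),
          nss_maps_missing_sss(SAMPLE_NSSWITCH), pam_uses_sss(SAMPLE_PAM))
```

On the constructed sample, the `[domain/...]` section has no `debug_level`, so the domain log where AD user lookups would be recorded stays nearly empty, and `passwd` never consults `sss`, which matches a client that reports the user as unknown.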