[Freeipa-users] Why "w" does not list AD users

2017-08-16 Thread Supratik Goswami via FreeIPA-users
I have configured trust between AD and IPA and the Linux machines are members
of the IPA domain.
When I log into any of the Linux machines and type "w" it does not list the
AD user with which I just logged in.

Is this an expected behaviour or am I missing something?

-- 
Warm Regards

Supratik
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


[Freeipa-users] Re: ID view is not overriding user attributes

2017-08-08 Thread Supratik Goswami via FreeIPA-users
(Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]

What I could see here is that it is searching as 'supratik.goswami' and not
'supratik.gos...@ad.corp.example.com' which is the ID View user in the IPA.

How do I fix this?

On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami 
wrote:

> Hello everyone,
>
> I have a trust setup between AD and IPA, I have created a user in the
> "Default Trust View" and
> updated the ssh public keys for that user.
>
> When I am trying to login to any Linux system using the ad user it is not
> able to find the keys.
>
> Here is the sshd debug log.
>
> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running AuthorizedKeysCommand:
> "/usr/bin/sss_ssh_authorizedkeys supratik.gosw...@ad.corp.example.com" as
> "nobody"
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99
> (e=0/0)
> Aug  9 03:04:01 host01 sshd[20106]: debug3: sshd_selinux_setup_variables:
> setting execution context
> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>
> My sshd_config file has the following entries
>
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
> AuthorizedKeysCommandUser nobody
>
> What could be the issue?
>
>
> Thanks
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik


[Freeipa-users] Re: ID view is not overriding user attributes

2017-08-09 Thread Supratik Goswami via FreeIPA-users
Can someone please help me to figure out the issue?

Please let me know if any other information is required

On Wed, Aug 9, 2017 at 9:54 AM, Supratik Goswami 
wrote:

> (Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]
>
> What I could see here is that it is searching as 'supratik.goswami' and
> not 'supratik.gos...@ad.corp.example.com' which is the ID View user in
> the IPA.
>
> How do I fix this?
>
> On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami wrote:
>
>> Hello everyone,
>>
>> I have a trust setup between AD and IPA, I have created a user in the
>> "Default Trust View" and
>> updated the ssh public keys for that user.
>>
>> When I am trying to login to any Linux system using the ad user it is not
>> able to find the keys.
>>
>> Here is the sshd debug log.
>>
>> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running
>> AuthorizedKeysCommand: "/usr/bin/sss_ssh_authorizedkeys
>> supratik.gosw...@ad.corp.example.com" as "nobody"
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99
>> (e=0/0)
>> Aug  9 03:04:01 host01 sshd[20106]: debug3: sshd_selinux_setup_variables:
>> setting execution context
>> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>>
>> My sshd_config file has the following entries
>>
>> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
>> AuthorizedKeysCommandUser nobody
>>
>> What could be the issue?
>>
>>
>> Thanks
>>
>> --
>> Warm Regards
>>
>> Supratik
>>
>
>
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik


[Freeipa-users] Re: ID view is not overriding user attributes

2017-08-09 Thread Supratik Goswami via FreeIPA-users
Hi Jakub,

Thanks for looking into the issue, please find the details you have
requested.

1. ipa idoverrideuser-show "Default Trust View"
supratik.gosw...@ad.corp.example.com
  Anchor to override: supratik.gosw...@ad.corp.example.com
  Login shell: /bin/bash
  SSH public key: ssh-rsa

B3NzaC1yc2EDAQABAAABAQDzeYIANc6N/96ko+cxz3aZVvGnttWjA8+939hb2eWFfM+2SKhVJylU0GPrHpKDRuE2letQxdPE+jI4gabiM3p0x7BeuxDPrPtQ5CoOK9JmYrEuom89p6UPs9tZCtx2glWSybeSENtPLj9pxfZN7dJvYtrGwSrgYHNtJ9dyEVN34ho1ZEsw3ARJW0sV4ccBJNuKEeswotCvWJag9L4yBQf7mUEJpKAcKfrPocP4BC1PiTQ5mgtykcd88dakd0zATpVS99t+JABH95MhXt4kKYgLg1wiqg8NKxz5Nkn9k1BGxM9NNZ3lA0zrijJVcwdsRDvl6rFyXUCHXaDJZR5Pehdv
  supratik@Supratiks-MacBook-Pro.local

2. ipa idoverrideuser-show "Default Trust View"
supratik.gosw...@ad.corp.example.com --all --raw
  dn:
ipaanchoruuid=:SID:S-1-5-21-3704658179-702631923-1581593159-1129,cn=Default
Trust View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com
  ipaanchoruuid: :SID:S-1-5-21-3704658179-702631923-1581593159-1129
  loginshell: /bin/bash
  ipasshpubkey:
  ipaoriginaluid: supratik.gosw...@ad.corp.example.com
  objectClass: ipaOverrideAnchor
  objectClass: top
  objectClass: ipaUserOverride
  objectClass: ipasshuser
  objectClass: ipaSshGroupOfPubKeys
  sshpubkeyfp: 1A:6E:50:EC:5C:DD:9F:80:39:B2:81:C3:49:61:73:67
supratik@Supratiks-MacBook-Pro.local (ssh-rsa)


3. date; sss_ssh_authorizedkeys supratik.gos...@ad.corp.example.com; date
Wed Aug  9 13:58:13 UTC 2017
Error looking up public keys
Wed Aug  9 13:58:13 UTC 2017



(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x23ff770
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x2420ca0
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_get_account_info] (0x0200): Got request for
[0x1][1][name=supratik.goswai]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_req_set_domain] (0x0400): Changing request domain from
[ipa.corp.example.com]
to [ad.corp.example.com]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x23ff770
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit




On Wed, Aug 9, 2017 at 6:43 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

>
> On 9 Aug 2017, at 14:37, Supratik Goswami via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Can someone please help me to figure out the issue?
>
> Please let me know if any other information is required
>
>
> Describing how you set up the idview and providing SSSD logs is a good
> start.
>
> - idoverrideuser-show "Default Trust View" supratik.gos...@ad.corp.example.com
> - the same with --all --raw
> - enable sssd logs on the client
> - run: date; sss_ssh_authorizedkeys supratik.gos...@ad.corp.example.com;
> date
> - attach the sssd logs
>
> On Wed, Aug 9, 2017 at 9:54 AM, Supratik Goswami <supratiksek...@gmail.com
> > wrote:
>
>
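The backend log above can be reduced to the few records that describe the account lookup. The following is an added example, not part of the original mail or of SSSD: it rejoins the mail-wrapped lines, then pairs each `be_get_account_info` request with the domain it was redirected to and the result reported by `acctinfo_callback`. The sample lines are copied from the log posted above; the function names and the rule that a non-zero first result field marks a failed request are assumptions of this example.

```python
import re

# Sample lines copied from the log posted above, wrapped as in the mail.
SAMPLE_LOG = """
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_get_account_info] (0x0200): Got request for
[0x1][1][name=supratik.goswai]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_req_set_domain] (0x0400): Changing request domain from
[ipa.corp.example.com]
to [ad.corp.example.com]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
"""

# A record starts with "(Wed Aug  9 13:58:13 2017) "; anything else is a wrapped continuation.
START_RE = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) ")
RECORD_RE = re.compile(
    r"^\((?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\) "
    r"\[(?P<proc>\S+)\] \[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)$"
)
REQ_RE = re.compile(r"Got request for \[(0x[0-9a-fA-F]+)\]\[(\d+)\]\[(.+)\]$")
DOM_RE = re.compile(r"Changing request domain from \[(.+?)\] to \[(.+?)\]")
RES_RE = re.compile(r"Request processed\. Returned (\d+),(\d+),(.*)$")


def parse_records(text):
    """Rejoin wrapped lines and split each record into its fields."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if START_RE.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line
    return [m.groupdict() for m in map(RECORD_RE.match, joined) if m]


def account_requests(text):
    """Pair each account request with its domain switch and its result."""
    requests, current = [], None
    for rec in parse_records(text):
        if rec["func"] == "be_get_account_info":
            m = REQ_RE.search(rec["msg"])
            if m:
                current = {"time": rec["ts"], "filter": m.group(3),
                           "domain": None, "result": None}
                requests.append(current)
        elif rec["func"] == "be_req_set_domain" and current:
            m = DOM_RE.search(rec["msg"])
            if m:
                current["domain"] = m.group(2)
        elif rec["func"] == "acctinfo_callback" and current:
            m = RES_RE.search(rec["msg"])
            if m:
                current["result"] = (int(m.group(1)), int(m.group(2)), m.group(3))
                current = None
    return requests


def failed_lookups(text):
    """Requests with no result, or whose first result field is non-zero
    (assumption of this example: 0 means the request succeeded)."""
    return [r for r in account_requests(text)
            if r["result"] is None or r["result"][0] != 0]


if __name__ == "__main__":
    for req in failed_lookups(SAMPLE_LOG):
        print(req["time"], req["filter"], "->", req["domain"], req["result"])
```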

[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Supratik Goswami via FreeIPA-users
SSSD version: sssd-1.13.0-40.7.amzn1.x86_64
Linux OS: Amazon Linux

I am seeing only these messages repeated continuously.

(Mon Aug  7 08:37:49 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Aug  7 08:37:49 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Aug  7 08:37:59 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x12e4650
(Mon Aug  7 08:37:59 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.


On Mon, Aug 7, 2017 at 1:52 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> Which sssd version is this on what OS?
>
> stracing the sssd processes might help, using this in the [domain] section:
> command = strace -ff -o /tmp/sssd_be_strace /usr/libexec/sssd/sssd_be
> --debug-level=10 --domain ipa.example.com --uid=0 --gid=0
> (You’d need to substitute ipa.example.com for your domain, just see how
> the processes are invoked normally in systemctl status sssd)
>
> On 7 Aug 2017, at 08:37, Supratik Goswami <supratiksek...@gmail.com>
> wrote:
>
> Hi Jakub
>
> /tmp directory has permission
>
> drwxrwxrwt 7 root root 4096 Aug  7 05:46 /tmp
>
> On Mon, Aug 7, 2017 at 11:57 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
>>
>> > On 7 Aug 2017, at 07:38, Supratik Goswami via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>> >
>> > 
>>
>> Judging by:
>> (Mon Aug  7 05:30:14 2017) [[sssd[krb5_child[26789 [create_ccache]
>> (0x0020): 735: [13][Permission denied]
>>
>> I would check the permissions on the /tmp directory.
>>
>>
>
>
> --
> Warm Regards
>
> Supratik
>
>
>


-- 
Warm Regards

Supratik


[Freeipa-users] Re: Unable to SSH into Linux machine using AD user

2017-08-07 Thread Supratik Goswami via FreeIPA-users
Hi Jakub

/tmp directory has permission

drwxrwxrwt 7 root root 4096 Aug  7 05:46 /tmp

On Mon, Aug 7, 2017 at 11:57 AM, Jakub Hrozek <jhro...@redhat.com> wrote:

>
> > On 7 Aug 2017, at 07:38, Supratik Goswami via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
> >
> > 
>
> Judging by:
> (Mon Aug  7 05:30:14 2017) [[sssd[krb5_child[26789 [create_ccache]
> (0x0020): 735: [13][Permission denied]
>
> I would check the permissions on the /tmp directory.
>
>


-- 
Warm Regards

Supratik


[Freeipa-users] Unable to SSH into Linux machine using AD user

2017-08-06 Thread Supratik Goswami via FreeIPA-users
Hi

I am using trust between AD and IPA

AD domain: ad.corp.example.com
IPA domain: ipa.corp.example.com

I am able to login using SSH to the IPA server using the AD user, when I am
trying to login using
SSH to the Linux client which is a member of the IPA domain it does not
work.

Please find my /etc/krb5.conf in the client machine below

[libdefaults]
  #default_realm = IPA.CORP.EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  udp_preference_limit = 0
  #default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  IPA.CORP.EXAMPLE.COM = {
    kdc = ipa01.ipa.corp.example.com:88
    master_kdc = ipa01.ipa.corp.example.com:88
    admin_server = ipa01.ipa.corp.example.com:749
    #default_domain = ipa.corp.example.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    auth_to_local = RULE:[1:$1@$0](^.*@AD.CORP.EXAMPLE.COM$)s/@AD.CORP.EXAMPLE.COM/@ad.corp.example.com/
    auth_to_local = DEFAULT
  }

  AD.CORP.EXAMPLE.COM = {
    kdc = ad01.ad.corp.example.com:88
    master_kdc = ad01.ad.corp.example.com:88
  }

[domain_realm]
  .ipa.corp.example.com = IPA.CORP.EXAMPLE.COM
  ipa.corp.example.com = IPA.CORP.EXAMPLE.COM
  .ad.corp.example.com = AD.CORP.EXAMPLE.COM
  ad.corp.example.com = AD.CORP.EXAMPLE.COM


Please find my SSSD config below

[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipa.corp.exampl.com

[nss]
homedir_substring = /home

[domain/ipa.corp.example.com]
debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
auth_provider = ipa
access_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.corp.example.com
ipa_hostname = host01.ipa.corp.example.com
ipa_server = _srv_, ipa01.ipa.corp.example.com
chpass_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
dns_discovery_domain = ipa.corp.example.com

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]


Please find the krb5_child.log attached.

Please help me to understand what I am missing here or what may be the
issue.

Thanks

-- 
Warm Regards

Supratik


krb5_child.log
Description: Binary data


[Freeipa-users] Re: Why "w" does not list AD users

2017-08-18 Thread Supratik Goswami via FreeIPA-users
Hi Jakub

I was trying to login to the box as usern...@addomain.com
<usern...@adserver.addomain.com>.

After some research I came across this post
https://www.freeipa.org/page/V4/AD_User_Short_Names and I am now able to
log in using the user short name.
It is also now showing after I type "w", but now in the "ps" output it is
listing the user ID but not the user name.

Any pointers would be greatly appreciated

Thanks!


On Wed, Aug 16, 2017 at 5:59 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> On Wed, Aug 16, 2017 at 01:04:05PM +0530, Supratik Goswami via
> FreeIPA-users wrote:
> > I have configured trust between AD and IPA and the Linux machines are
> > members of the IPA domain.
> > When I log into any of the Linux machines and type "w" it does not list
> > the AD user with which I just logged in.
>
> How exactly did you log in?
>
> I'm not sure if my knowledge of these details is correct, but I thought
> that programs like "w" look at the utmp file which is these days handled
> by systemd-logind. So I would say that whether the user should be listed
> also depends on whether the login creates a logind session. Notably "su"
> does not create a session, but e.g. ssh or login through the text
> console does.
>
> Typing "loginctl" should give some info as well.
>



-- 
Warm Regards

Supratik


[Freeipa-users] Re: Why "w" does not list AD users

2017-08-23 Thread Supratik Goswami via FreeIPA-users
Hi Jakub

The logs are captured at the same time from both servers; you are seeing
this difference because of the different timezone settings.
The IPA server was at EDT and the Linux machine is set to UTC. I have made
that fix now. Do you want me to send the logs again?



On Mon, Aug 21, 2017 at 8:12 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> The client and server logs are 4 hours apart, do you have log files that
> capture the same time interval?
>
> On Fri, Aug 18, 2017 at 07:52:44PM +0530, Supratik Goswami wrote:
> > Yes, sorry my mistake.
> >
> > Please find the log entries from both server and client
> >
> > On Fri, Aug 18, 2017 at 7:46 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> >
> > > On Fri, Aug 18, 2017 at 07:38:21PM +0530, Supratik Goswami wrote:
> > > > Here is my sssd.conf file
> > > >
> > > > [sssd]
> > > > config_file_version = 2
> > > > services = nss, sudo, pam, ssh
> > > > domains = ipadomain.com
> > > > default_domain_suffix = adadomain.com
> > > > full_name_format = %1$s
> > > >
> > > > [nss]
> > > > homedir_substring = /home
> > >
> > > --> the debug_level goes here
> > >
> > > >
> > > > [domain/ipadomain.com]
> > > > krb5_use_enterprise_principal = True
> > > >
> > > > debug_level = 9
> > > > krb5_store_password_if_offline = True
> > > > id_provider = ipa
> > > > auth_provider = ipa
> > > > access_provider = ipa
> > > > cache_credentials = True
> > > > krb5_store_password_if_offline = True
> > > > ipa_domain = ipadomain.com
> > > > ipa_hostname = ef01.ipadomain.com
> > > > ipa_server = ipa01.ipadomain.com
> > > > chpass_provider = ipa
> > > > ldap_tls_cacert = /etc/ipa/ca.crt
> > > > dns_discovery_domain = ipadomain.com
> > > >
> > > > entry_cache_timeout = 60
> > > > [pam]
> > > >
> > > > [sudo]
> > > >
> > > > [autofs]
> > > >
> > > > [ssh]
> > > >
> > > > [pac]
> > > >
> > > > [ifp]
> > > >
> > > > On Fri, Aug 18, 2017 at 7:28 PM, Supratik Goswami <supratiksek...@gmail.com>
> > > > wrote:
> > > >
> > > > >
> > > > >
> > > > > On Fri, Aug 18, 2017 at 7:20 PM, Jakub Hrozek via FreeIPA-users <
> > > > > freeipa-users@lists.fedorahosted.org> wrote:
> > > > >
> > > > >> On Fri, Aug 18, 2017 at 07:13:13PM +0530, Supratik Goswami via
> > > > >> FreeIPA-users wrote:
> > > > >> > When executed in the server I get the below logs
> > > > >> >
> > > > >> > (Fri Aug 18 08:18:26 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
> > > > >> > SIGTERM: killing children
> > > > >> > (Fri Aug 18 08:20:04 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
> > > > >> > SIGTERM: killing children
> > > > >> > (Fri Aug 18 08:20:11 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
> > > > >> > SIGTERM: killing children
> > > > >> > (Fri Aug 18 08:23:32 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
> > > > >> > SIGTERM: killing children
> > > > >> >
> > > > >> > In the client side the log file is empty
> > > > >>
> > > > >> Well, we don't log anything by default, you need to increase the debug
> > > > >> level. See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
> > > > >>
> > > > >>
> > > > > I have set the debug level to 9 but still does not log anything.
> > > > >
> > > > > debug_level = 9
> > > > >
> > > > >
> > > > >> >
> > > > >> > I also looked at the option full_name_format to see if I can use the
> > > > >> > username and ignore the domain altogether for displaying.
> > > > >> > As per the documentation "full_name_format parameter sets how the user
> > > > >> > name and domain name (once determined) are displayed".
> > > > >> > But when I set it to *full_name_format = %1$s*  I am not able to login
> > > > >>
> > > > >> This won't work on the server at least, but should work on the clients.
> > > > >> But I would suggest to not change the defaults much and only deviate
> > > > >> from the defaults once the baseline works.
> > > > >>
> > > > >
> > > > > I am trying at the client side but after I update this parameter login
> > > > > breaks completely.
> > > > >
> > > > >
> > > > >
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Warm Regards
> > > > >
> > > > > Supratik
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Warm Regards
> > > >
> > > > Supratik
> > >
> >
> >
> >
> > --
> > Warm Regards
> >
> > Supratik
>
>
>
>


-- 
Warm Regards

Supratik
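A consistency check for sssd.conf files like the two posted in these threads (an added example, not from the thread or the SSSD project): it reports names in `domains` that have no `[domain/...]` section, options repeated inside a section, and enabled services whose own section sets no `debug_level`, the per-section placement pointed out in the reply quoted above. The sample file is constructed, modelled on the posted ones; `parse_sssd_conf` and `check_sssd_conf` are names chosen for this example.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
OPTION_RE = re.compile(r"^([^=]+?)\s*=\s*(.*)$")

# Constructed sample, modelled on the files posted in the thread.
SAMPLE_CONF = """\
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipa.corp.exampl.com

[nss]
homedir_substring = /home

[domain/ipa.corp.example.com]
debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True

[pam]
[sudo]
[ssh]
"""


def parse_sssd_conf(text):
    """Return {section: [(option, value), ...]}, keeping repeated options."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        m = OPTION_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1).strip(), m.group(2).strip()))
    return sections


def _listed(options, key):
    """Comma-separated value of `key` as a list. If the option is repeated,
    this example reads the last one (an assumption, not SSSD's documented rule)."""
    values = [v for k, v in options if k == key]
    return [i.strip() for i in values[-1].split(",") if i.strip()] if values else []


def check_sssd_conf(text):
    """Return a list of (kind, detail) findings for one sssd.conf text."""
    sections = parse_sssd_conf(text)
    main = sections.get("sssd", [])
    domains, services = _listed(main, "domains"), _listed(main, "services")
    findings = []
    for name in domains:  # enabled domain without a section of that exact name
        if "domain/" + name not in sections:
            findings.append(("missing-domain-section", name))
    for section in sections:  # configured domain that `domains` never enables
        if section.startswith("domain/") and section[7:] not in domains:
            findings.append(("domain-not-enabled", section[7:]))
    for section, options in sections.items():
        keys = [k for k, _ in options]
        for key in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append(("duplicate-option", f"{section}: {key}"))
    for service in services:  # debug_level is read per section
        if not any(k == "debug_level" for k, _ in sections.get(service, [])):
            findings.append(("no-debug-level", service))
    return findings


if __name__ == "__main__":
    for kind, detail in check_sssd_conf(SAMPLE_CONF):
        print(f"{kind:24} {detail}")
```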


[Freeipa-users] Re: Why "w" does not list AD users

2017-08-18 Thread Supratik Goswami via FreeIPA-users
Here is my sssd.conf file

[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipadomain.com
default_domain_suffix = adadomain.com
full_name_format = %1$s

[nss]
homedir_substring = /home

[domain/ipadomain.com]
krb5_use_enterprise_principal = True

debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
auth_provider = ipa
access_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipadomain.com
ipa_hostname = ef01.ipadomain.com
ipa_server = ipa01.ipadomain.com
chpass_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
dns_discovery_domain = ipadomain.com

entry_cache_timeout = 60
[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

On Fri, Aug 18, 2017 at 7:28 PM, Supratik Goswami <supratiksek...@gmail.com>
wrote:

>
>
> On Fri, Aug 18, 2017 at 7:20 PM, Jakub Hrozek via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> On Fri, Aug 18, 2017 at 07:13:13PM +0530, Supratik Goswami via
>> FreeIPA-users wrote:
>> > When executed in the server I get the below logs
>> >
>> > (Fri Aug 18 08:18:26 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
>> > SIGTERM: killing children
>> > (Fri Aug 18 08:20:04 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
>> > SIGTERM: killing children
>> > (Fri Aug 18 08:20:11 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
>> > SIGTERM: killing children
>> > (Fri Aug 18 08:23:32 2017) [sssd[nss]] [orderly_shutdown] (0x0010):
>> > SIGTERM: killing children
>> >
>> > In the client side the log file is empty
>>
>> Well, we don't log anything by default, you need to increase the debug
>> level. See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
>>
>>
> I have set the debug level to 9 but still does not log anything.
>
> debug_level = 9
>
>
>> >
>> > I also looked at the option full_name_format to see if I can use the
>> > username and ignore the domain altogether for displaying.
>> > As per the documentation "full_name_format parameter sets how the user
>> > name and domain name (once determined) are displayed".
>> > But when I set it to *full_name_format = %1$s*  I am not able to login
>>
>> This won't work on the server at least, but should work on the clients.
>> But I would suggest to not change the defaults much and only deviate
>> from the defaults once the baseline works.
>>
>
> I am trying at the client side but after I update this parameter login
> breaks completely.
>
>
>
>>
>
>
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik


[Freeipa-users] Re: Why "w" does not list AD users

2017-08-18 Thread Supratik Goswami via FreeIPA-users
In server the ps version is procps-ng version 3.3.10
In the other boxes ps version is procps version 3.2.8



On Fri, Aug 18, 2017 at 5:52 PM, Supratik Goswami 
wrote:

> In the IPA server I am getting in the below format
>
> suprati+  4360  0.0  0.0 172676  2484 ?        D    08:20   0:00 sshd: supra...@addomain.com@pts/1
> suprati+  4361  0.0  0.0 125688  2092 pts/1    Ss   08:20   0:00 -bash
> suprati+  4383  0.0  0.0 161360  1828 pts/1    R+   08:20   0:00 ps aux
>
> On Fri, Aug 18, 2017 at 3:22 PM, Jakub Hrozek  wrote:
>
>> On Fri, Aug 18, 2017 at 03:09:05PM +0530, Supratik Goswami wrote:
>> > >
>> > > What do you mean by user ID? The numeric UID? How do you invoke ps?
>> >
>> >
>> > Yes, numeric UID. When I type "ps aux" I get the following output
>> >
>> > 1759001108 2375 0.0  0.4 146900  4084 ?        S    08:55   0:00 sshd: testu...@addomain.com@pts/0
>> > 1759001108 2376 0.0  0.3 127800  3536 pts/0    Ss   08:55   0:00 -sh
>> > 1759001108 2399 0.0  0.2 129656  2544 pts/0    R+   08:55   0:00 ps aux
>> >
>> > I want to see "testuser" instead of "1759001108". How can I achieve it?
>>
>> Well, that should work. For some reason, the ID-to-name resolution is
>> not working. Does it work at least on the server?
>>
>
>
>
> --
> Warm Regards
>
> Supratik
>



-- 
Warm Regards

Supratik