Dear All I am having difficulty getting freeipa server (centos 7..3) and clients (centos7.3 and debian 9) to working.
Scenario ipasvr2.inetcom.lan (centos7.3 hosting freeipa server) nfs2.inetcom.lan (centos 7.3 freeipa client also running nfs server) vpn.inetcom.lan (debian 9 freeipa client hosting open vpn) Clients are are to realm and I cal acquire and list tickets on both clients and server. The issue is userdirs mapping is not working when user logs into the ipasvr2 or vpn hosts. They are able to login but their userdirs are not mapped. However the directories are mounted when they login to the nfs2 host. Below are the logs from /var/log/krb5kdc.log Aug 26 03:14:24 ipasvr2.inetcom.lan krb5kdc[2454](info): closing down fd 12 Aug 26 03:14:24 ipasvr2.inetcom.lan krb5kdc[2453](info): TGS_REQ (3 etypes {18 1 23}) 10.7.7.4: ISSUE: authtime 1503717264, etypes {rep=18 tkt=18 ses=18}, host/ipasvr2.inetcom....@inetcom.lan for ldap/ipasvr2.inetcom....@inetcom.lan Aug 26 03:14:24 ipasvr2.inetcom.lan krb5kdc[2453](info): closing down fd 12 Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2456](info): AS_REQ (3 etypes {18 1 23}) 10.7.7.8: NEEDED_PREAUTH: host/nfs2.inetcom....@inetcom.lan for krbtgt/inetcom....@inetcom.lan, Additional pre-authentication required Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2456](info): closing down fd 12 Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2454](info): AS_REQ (3 etypes {18 1 23}) 10.7.7.8: ISSUE: authtime 1503717278, etypes {rep=18 tkt=18 ses=18}, host/nfs2.inetcom....@inetcom.lan for krbtgt/inetcom....@inetcom.lan Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2454](info): closing down fd 12 Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2455](info): TGS_REQ (3 etypes {18 1 23}) 10.7.7.8: ISSUE: authtime 1503717278, etypes {rep=18 tkt=18 ses=18}, host/nfs2.inetcom....@inetcom.lan for ldap/ipasvr2.inetcom....@inetcom.lan Aug 26 03:14:38 ipasvr2.inetcom.lan krb5kdc[2455](info): closing down fd 12 and this from /var/log/messages Aug 26 03:18:41 ipasvr2 automount[1228]: handle_packet_missing_indirect: token 93, name admin, request pid 3113 Aug 26 03:18:41 ipasvr2 automount[1228]: dev_ioctl_send_fail: token = 93 Aug 26 03:18:41 ipasvr2 automount[1228]: handle_packet: type = 3 Aug 26 03:18:41 ipasvr2 automount[1228]: handle_packet_missing_indirect: token 94, name admin, request pid 3113 Aug 26 03:18:41 ipasvr2 automount[1228]: dev_ioctl_send_fail: token = 94 Freeipa version 4.4.0 grateful to assist to resolve issue. cheers
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org