tt ." , Janelle
Cc: "freeipa-users@redhat.com"
Date: 03.08.2015 08:49
Subject: Re: [Freeipa-users] Admin password not accepted during replica
install
Sent by:freeipa-users-boun...@redhat.com
When this command failed for me, it usually was a proble
When this command failed for me, it usually was a problem with SSSD on the
master. The service was down, offline or simply something wrong was with it.
On the master, I would try:
$ id admin
$ ssh admin@localhost # (with password)
If that works, try manual
$ ssh admin@ipa.master.server # with p
I even checked working version (IPA clusters) and they don't even have
this AllowGroups.
Am I missing something ?
2015-08-01 22:52 GMT+02:00 Janelle :
> which points to the configuration of sssd.conf and/or nsswitch.conf
> It is in there. If you say there are no AllowGroups in sshd, it has to be
which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no AllowGroups in sshd, it has to
be in one of those 2 places.
~J
On 8/1/15 1:26 PM, Matt . wrote:
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle :
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle :
> lastly -- on the master - do you get the same error if you "kinit admin"?
> ~J
>
>
> On 8/1/15 1:05 PM, Matt . wrote:
>>
>> This actually the most important part, and the GSS Failure concerns me:
>>
>> debug1
lastly -- on the master - do you get the same error if you "kinit admin"?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns me:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil)),
debug2: key: /root/.ssh/id_dsa (
This actually the most important part, and the GSS Failure concerns me:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil)),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa ((nil)),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug1: Authenticat
What is in the logs on the machine that is failing? Can you login to
admin from anywhere? Logs are you best friend.
Also, a simply "ssh -vvv" will help.
~J
On 8/1/15 12:51 PM, Matt . wrote:
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able to do a simple replica without any issues.
Matt
2015-08-01 21:34 GMT+02:00 Janelle :
> Double check you do not have "AllowGroups" set in your /etc/ssh/sshd_config
> file. If you do, add the "adm
