On (19/03/16 21:58), pgb205 wrote:
>I have enabled debugging withdebug_level = 7 in sssd.conf
>Receive following error messages:Marking server 'ipa-server' as 'name
>resolved'[be_resolve_server_process] (0x0200): Found address for server
>ipa-server
>[get_port_status] (0x1000): Port status of por
yes the space was indeed the culprit... i cleaned up some and login works
fine now..
Thanks !!
On Tue, Mar 15, 2016 at 1:55 PM, Sumit Bose wrote:
> On Mon, Mar 14, 2016 at 05:50:34PM +0530, Rakesh Rajasekharan wrote:
> > I set up freeipa in my environment and works perfectly.
> >
> > But just o
On Mon, Mar 14, 2016 at 05:50:34PM +0530, Rakesh Rajasekharan wrote:
> I set up freeipa in my environment and works perfectly.
>
> But just on one host , I am not able to authenticate. I get a permission
> denied eror.
>
> The sssd version I have is 1.12
>
> the krb5_child log does point to some
For the error in the krb5_child.log
(Tue Mar 15 04:35:51 2016) [[sssd[krb5_child[13708
[sss_child_krb5_trace_cb] (0x4000): [13708] 1458016551.87210: Received
error from KDC: -1765328359/Additional pre-authentication required
I deleted the sssd cache as well as the /tmp/krb5* and restarted sssd
Simo Sorce wrote:
- Original Message -
Fri Mar 11 12:47:41 2011) [sssd[be[ipa.ac.nz]]]
[sss_krb5_verify_keytab_ex] (0): Principal
[host/fed14-64-ipacl03.ipa.ac...@ipa.ac
.NZ] not found in keytab [default]
(Fri Mar 11 12:47:41 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
Could not verif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 07:26 PM, Dmitri Pal wrote:
> On 03/10/2011 06:30 PM, Steven Jones wrote:
>> My problem is "To troubleshoot we need logs. There are all sorts of
>> logs and configuration files on the server and on the client."
> On the client:
>
> Confi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 06:30 PM, Steven Jones wrote:
> My problem is "To troubleshoot we need logs. There are all sorts of
> logs and configuration files on the server and on the client."
>
> Thats just it.I dont know where to look.its simply not
> doc
- Original Message -
> Fri Mar 11 12:47:41 2011) [sssd[be[ipa.ac.nz]]]
> [sss_krb5_verify_keytab_ex] (0): Principal
> [host/fed14-64-ipacl03.ipa.ac...@ipa.ac
> .NZ] not found in keytab [default]
> (Fri Mar 11 12:47:41 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0):
> Could not verify keytab
On 03/10/2011 06:30 PM, Steven Jones wrote:
> My problem is "To troubleshoot we need logs. There are all sorts of logs and
> configuration files on the server and on the client."
On the client:
Config:
1) /etc/sssd/sssd.conf
2) /etc/pam.d/system-auth-ac
3) /etc/nsswitch.conf
Logs
/var/log/sssd
T
] on
behalf of Dmitri Pal [d...@redhat.com]
Sent: Friday, 11 March 2011 11:58 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
On 03/10/2011 05:37 PM, Steven Jones wrote:
> I have run the in-install script and it wont delete the cli
On 03/10/2011 06:30 PM, Steven Jones wrote:
> My problem is "To troubleshoot we need logs. There are all sorts of logs and
> configuration files on the server and on the client."
>
> Thats just it.I dont know where to look.its simply not
> documentedso what I need is for someone to te
My problem is "To troubleshoot we need logs. There are all sorts of logs and
configuration files on the server and on the client."
Thats just it.I dont know where to look.its simply not documentedso
what I need is for someone to tell me what logs you needand how to make the
syst
On 03/10/2011 05:37 PM, Steven Jones wrote:
> I have run the in-install script and it wont delete the client in the
ipa system, so again I had to delete it via the web guiI will try
re-installing.
>
> A release candidate?
>
> I dont see howfor me a release candidate should pretty much work
even Jones [steven.jo...@vuw.ac.nz]
Sent: Friday, 11 March 2011 11:17 a.m.
To: Stephen Gallagher; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
third client wont authenticate either
So I guess its a problem around the install script if n
, 11 March 2011 11:06 a.m.
To: Stephen Gallagher; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
While installing my third client selinux popped up a warning it was blocking
access to krb5so Im wondering if the reason teh install of the
...@redhat.com] on
behalf of Stephen Gallagher [sgall...@redhat.com]
Sent: Friday, 11 March 2011 4:31 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 10:10 AM, Simo Sorce wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2011 10:10 AM, Simo Sorce wrote:
> - Original Message -
>> Steven Jones wrote:
>>> Ok,
>>>
>>> However I cant LDAP/Ipa authenticate stillon either
>>> client..
>>>
>>> So what next?
>>
>> sssd handles logins, you can tr
- Original Message -
> Steven Jones wrote:
> > Ok,
> >
> > However I cant LDAP/Ipa authenticate stillon either
> > client..
> >
> > So what next?
>
> sssd handles logins, you can try turning up the log level on that
> (though I suspect it wasn't the reboot that fixed this but r
Steven Jones wrote:
Ok,
However I cant LDAP/Ipa authenticate stillon either client..
So what next?
sssd handles logins, you can try turning up the log level on that
(though I suspect it wasn't the reboot that fixed this but restarting sssd).
As part of ipa-client-install sssd i
.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to authenticate a client user against IPA
8><---
> 4) Install client again
>
> Everything should work.
> If not please send us the logs.
Not sure which logs as Im losing track of so many
suggestions/t
: [Freeipa-users] Unable to authenticate a client user against IPA
Steven Jones wrote:
> Hi,
>
> I have gone into the webgui and manually removed the no1 client/host, it
> has now joined successfully...
>
> So Yes, the next issue
>
> regards
>
I'm going to try to co
8><---
> 4) Install client again
>
> Everything should work.
> If not please send us the logs.
Not sure which logs as Im losing track of so many
suggestions/threadsbut,
On the client the sssd.log is zero length, the sssd_ipa.ac.nz.log is
zero length
I just tried to add a local user
Steven Jones wrote:
Hi,
I have gone into the webgui and manually removed the no1 client/host, it
has now joined successfully...
So Yes, the next issue
regards
I'm going to try to consolidate a few things here from some other responses.
* You do not need to pre-create the host in order
On 03/09/2011 03:09 PM, Steven Jones wrote:
> On Wed, 2011-03-09 at 14:42 -0500, Dmitri Pal wrote:
>> On 03/09/2011 02:21 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> I had/have already done the uninstall...and re-install.
>>>
>>> Also I registered a brand new 2nd client...that hasnt worked
>>> either..
Hi,
I have gone into the webgui and manually removed the no1 client/host, it
has now joined successfully...
So Yes, the next issue
regards
On Wed, 2011-03-09 at 14:51 -0500, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 03/09/2011 02:45 PM, Steven Jon
On Wed, 2011-03-09 at 14:42 -0500, Dmitri Pal wrote:
> On 03/09/2011 02:21 PM, Steven Jones wrote:
> > Hi,
> >
> > I had/have already done the uninstall...and re-install.
> >
> > Also I registered a brand new 2nd client...that hasnt worked
> > either..
> >
> How did you create the host record f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/09/2011 02:45 PM, Steven Jones wrote:
> I have setup a 2nd client I have the same resultbut it looks like
> the keytab is correct? however LDAP logins still dont work...
>
>
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
>
>
I have setup a 2nd client I have the same resultbut it looks like
the keytab is correct? however LDAP logins still dont work...
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
--
1 host/fed14-64-ipacl02.ipa.a
On 03/09/2011 02:21 PM, Steven Jones wrote:
> Hi,
>
> I had/have already done the uninstall...and re-install.
>
> Also I registered a brand new 2nd client...that hasnt worked
> either..
>
How did you create the host record for it on the server?
> regards
>
>
> On Tue, 2011-03-08 at 23:29 -05
Hi,
I had/have already done the uninstall...and re-install.
Also I registered a brand new 2nd client...that hasnt worked
either..
regards
On Tue, 2011-03-08 at 23:29 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > Hi,
> >
> > Log,
> >
>
> The error is "Host is already joined" so no
Steven Jones wrote:
Hi,
Log,
The error is "Host is already joined" so no keytab is requested. The
enrollment failed.
ipa-client-install --uninstall should unenroll the client (you can
verify that Keytab is False in ipa host-show on the IPA
server.
If so running ipa-client-install on t
Hi,
I have just done another F14 client and I have the same issue.
regards
regards
On Tue, 2011-03-08 at 19:28 -0500, Simo Sorce wrote:
> On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
> Stephen Gallagher wrote:
>
> >
> >
> > On Mar 8, 2011, at 5:45 PM, Steven Jones
> > wrote:
> >
> > > Keytab n
Hi,
Log,
2011-03-04 15:08:58,725 DEBUG /usr/sbin/ipa-client-install was invoked
with options: {'conf_ntp': True, 'domain': None, 'uninstall': False,
'force': True, 'sssd': True, 'hostname': None, 'permit': False,
'server': None, 'prompt_password': False, 'realm_name': None,
'dns_upda
On Tue, 8 Mar 2011 19:05:45 -0500 (EST)
Stephen Gallagher wrote:
>
>
> On Mar 8, 2011, at 5:45 PM, Steven Jones
> wrote:
>
> > Keytab name: WRFILE:/etc/krb5.keytab
> > KVNO Principal
> >
> > --
> >
> > 8><-
On Mar 8, 2011, at 5:45 PM, Steven Jones wrote:
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
>
> --
>
> 8><-
>>
>>
>>
>>
Looks like you have no host key in the keytab. That's the root of the pr
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
--
8><-
>
> Well, here's your problem. The SSSD isn't starting up successfully
> because you don't have a host principal for this server in your
> /etc/krb5.key
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/08/2011 04:40 PM, Steven Jones wrote:
> On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
>> Steven Jones wrote:
>>> 8><--
>>>
>>>
>>> So how do I fault find? where do I start?
>>>
>>> ie Where do I start to look to determine why a use
On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > 8><--
> >
> >
> > So how do I fault find? where do I start?
> >
> > ie Where do I start to look to determine why a user cannot login to a
> > client via freeipa?
> >
> > How can I be more clear? because so far th
Steven Jones wrote:
8><--
So how do I fault find? where do I start?
ie Where do I start to look to determine why a user cannot login to a
client via freeipa?
How can I be more clear? because so far the replies have been not very
productive.
regards
Add debug_level = 9 to the ipa prov
8><
>
> Steven, sorry you're having such a hard time with this. Let me see if I
> can help point you in the right direction.
>
> I'm trying to look at the history of this thread, but I'm coming into it
> late, so please forgive me if I retread any ground that's already been
> covered.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/08/2011 02:43 PM, Steven Jones wrote:
> 8><--
>
>
> So how do I fault find? where do I start?
>
> ie Where do I start to look to determine why a user cannot login to a
> client via freeipa?
>
> How can I be more clear? because so far the
8><--
So how do I fault find? where do I start?
ie Where do I start to look to determine why a user cannot login to a
client via freeipa?
How can I be more clear? because so far the replies have been not very
productive.
regards
___
Freeipa-u
8><-
> >
> > getent passwd "user" however only returns one line, not the two I should
> > expect?
>
> Why do you expect two lines? It should only return one, for that user.
>
> >
> > It also returns very fastlike its not even looking remotely.
>
> Is the user in /etc/passwd too?
>
Whe
Steven Jones wrote:
I can do a ldapsearch -x -b "dc=ipa,dc=ac,dc=nz' |more
Which returns LDAP infothat looks finethe query looks OK
getent passwd "user" however only returns one line, not the two I should
expect?
Why do you expect two lines? It should only return one, for that us
I can do a ldapsearch -x -b "dc=ipa,dc=ac,dc=nz' |more
Which returns LDAP infothat looks finethe query looks OK
getent passwd "user" however only returns one line, not the two I should
expect?
It also returns very fastlike its not even looking remotely.
I have run authconfig-tu
Hi,
Where does this log to?
regards
On Mon, 2011-03-07 at 12:33 -0500, Dmitri Pal wrote:
> On 03/06/2011 02:48 PM, Steven Jones wrote:
> > How do i turn on logging on the client and the server so as to start
> > troubleshooting this authentication failure?
> >
> > regards
> >
> > ___
On 03/06/2011 02:48 PM, Steven Jones wrote:
> How do i turn on logging on the client and the server so as to start
> troubleshooting this authentication failure?
>
> regards
>
> ___
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.red
How do i turn on logging on the client and the server so as to start
troubleshooting this authentication failure?
regards
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
8><---
This didnt work...intuitive, no I guess not
regards
> Sorry but the doc might be incomplete. We are in the middle of reviewing
> it actually and adding information to it.
>
> Please go to your system-authconfig dialog and configure LDAP + Kerberos
> with the IPA server. It should b
Hi,
Well client to ipa server doesnt work..
regards
On Fri, 2011-03-04 at 10:45 -0500, Rob Crittenden wrote:
> Dmitri Pal wrote:
> > On 03/03/2011 02:53 PM, Steven Jones wrote:
> >> 8><
> >>
> >> I have no idea, Im trying to follow the ipa document (version 0.5)so
> >> if it says do
Dmitri Pal wrote:
On 03/04/2011 10:45 AM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 03/03/2011 02:53 PM, Steven Jones wrote:
8><
I have no idea, Im trying to follow the ipa document (version
0.5)so
if it says do something I try and do itif it doesnt say do
something
wellit do
On 03/04/2011 10:45 AM, Rob Crittenden wrote:
> Dmitri Pal wrote:
>> On 03/03/2011 02:53 PM, Steven Jones wrote:
>>> 8><
>>>
>>> I have no idea, Im trying to follow the ipa document (version
>>> 0.5)so
>>> if it says do something I try and do itif it doesnt say do
>>> something
>>> well
Dmitri Pal wrote:
On 03/03/2011 02:53 PM, Steven Jones wrote:
8><
I have no idea, Im trying to follow the ipa document (version 0.5)so
if it says do something I try and do itif it doesnt say do something
wellit doesnt get done as I cant mind read.
What I want is encrypted conne
On 03/03/2011 02:53 PM, Steven Jones wrote:
> 8><
>
> I have no idea, Im trying to follow the ipa document (version 0.5)so
> if it says do something I try and do itif it doesnt say do something
> wellit doesnt get done as I cant mind read.
>
> What I want is encrypted connections on
On 03/04/2011 02:35 AM, Steven Jones wrote:
Hi,
Thanks, I think there maybe a dependency missing for the yum install of
the clientwhen I go to the system-auth, ipa is there as an option
but its missing a .so in nss-pam-ldapd and asks for it to be installed,
the dependency off that is nscd an
Hi,
Thanks, I think there maybe a dependency missing for the yum install of
the clientwhen I go to the system-auth, ipa is there as an option
but its missing a .so in nss-pam-ldapd and asks for it to be installed,
the dependency off that is nscd and pam_ldap
Hopefully this will workI
On 03/03/2011 02:31 PM, Dmitri Pal wrote:
> On 03/03/2011 02:21 PM, Steven Jones wrote:
>> I appear to have IPA running, I have run the install client on a fed14
>> KVM guest and that guest is in the IPA system, however the users in IPA
>> cannot authenticate via IPA and get onto the client. There
8><
I have no idea, Im trying to follow the ipa document (version 0.5)so
if it says do something I try and do itif it doesnt say do something
wellit doesnt get done as I cant mind read.
What I want is encrypted connections on all services / communications so
it is secure and safe.
"id thing" returns id: thing: no such user...
In iptraf there is a port 389 connection, suggesting its asking the ipa master
about user "thing"so its either asking the wrong Q
or the ipa master cant see the user "thing" yet its there in the gui.
One thing "thing" only exists on the ipa mas
On 03/03/2011 02:21 PM, Steven Jones wrote:
> I appear to have IPA running, I have run the install client on a fed14
> KVM guest and that guest is in the IPA system, however the users in IPA
> cannot authenticate via IPA and get onto the client. There appears to
> be traffic to port 389, so I assu
Steven Jones wrote:
I appear to have IPA running, I have run the install client on a fed14
KVM guest and that guest is in the IPA system, however the users in IPA
cannot authenticate via IPA and get onto the client. There appears to
be traffic to port 389, so I assume its "almost" workingbut
61 matches
Mail list logo