Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-11 Thread Angelo Pantano
OK, I managed to fix it by running: yum remove pam_ldap; sed -i '/pam_ldap/d' /etc/pam.d/* Thanks for pointing me to the DNS problem though, that was the real deal. Is there a way to set up ipa-client without messing with resolv.conf? Like disabling the discovery or using just a forwarder? On F

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: OK, I managed to fix it by running: yum remove pam_ldap; sed -i '/pam_ldap/d' /etc/pam.d/* Thanks for pointing me to the DNS problem though, that was the real deal. Is there a way to set up ipa-client without messing with resolv.conf? Like disabling t

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I still had it because I am in the middle of a PoC for a migration, the legacy used pam_ldap and if I just remove it not only the error does not go away, but in the secure logs you also see this new error: Jul 10 14:08:17 ip-10-237-186-172 sshd[7361]: P

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I still had it because I am in the middle of a PoC for a migration, the legacy used pam_ldap and if I just remove it not only the error does not go away, but in the secure logs you also see this new error: Jul 10 14:08:17 ip-10-237-186-172 sshd[7361]: PAM unable to dlopen(/lib64/security/pam_ldap.

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I removed the stanza, but anyway I found one problem was the DNS. I needed to set up the nameserver in resolv.conf with the IP of the ipa server. I can kinit now but ssh is still failing, connection gets closed instead of letting me in: secure.log says:

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I removed the stanza, but anyway I found one problem was the DNS. I needed to set up the nameserver in resolv.conf with the IP of the ipa server. I can kinit now but ssh is still failing, connection gets closed instead of letting me in: secure.log says: Jul 10 13:19:01 ip-10-237-186-172 sshd[5581]

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I am using sssd and from ipa clients the authentication is not working (works fine if I ssh on the ipa-server). I thought it could be due to the external groups being empty and not mapping the AD users. Anyway this is the krb5.conf on the ipa client: #

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: and this is the error I see in krb5_child.log (Fri Jul 10 12:38:05 2015) [[sssd[krb5_child[13235 [main] (0x0400): Will perform online auth (Fri Jul 10 12:38:05 2015) [[sssd[krb5_child[13235 [get_and_save_tgt] (0x0400): Attempting kinit for realm

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Angelo Pantano
I am using sssd and from ipa clients the authentication is not working (works fine if I ssh on the ipa-server). I thought it could be due to the external groups being empty and not mapping the AD users. Anyway this is the krb5.conf on the ipa client: #File modified by ipa-client-install included

Re: [Freeipa-users] wbinfo cannot pull Active Directory domain users

2015-07-10 Thread Alexander Bokovoy
On Fri, 10 Jul 2015, Angelo Pantano wrote: I have a FreeIPA server trusting an Active Directory domain, if I ssh to the ipa server everything works, but if I try to ssh on an ipa client the authentication fails. I noticed on the server that the wbinfo -n 'AD\Domain Users' is failing: failed to