That patch will require some backporting effort as it depends on other
changes done before in that 1-13 branch.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1775636
Title:
It looks like this could be https://pagure.io/SSSD/sssd/issue/2977
Can you try adding this line to the [domain/] section of xenial's
/etc/sssd/sssd.conf:
ldap_user_certificate = noSuchAttribute
and then restart sssd:
sudo service sssd restart
It worked around the problem here. Next I'm going
Yeah, ipa-client-install worked.
Ok, problem confirmed on xenial, and working on trusty:
root@xenial-freeipaclient:~# sss_ssh_authorizedkeys andreas
Error looking up public keys
root@xenial-freeipaclient:~#
root@trusty-freeipaclient:~# sss_ssh_authorizedkeys andreas
ssh-rsa
I'm trying on trusty and just found out realmd there segfaults when
joining
On Fri, Jun 8, 2018, 12:30 4tro <1775...@bugs.launchpad.net> wrote:
> Yes, seems right.
>
> I have setup a system with ubuntu 18.04, and the problem doesn't show up
> there.
>
> --
> You received this bug notification
How did you add the certificate to the user? Following
https://www.freeipa.org/page/Howto/Client_Certificate_Authentication_with_LDAP
perhaps? Is that howto still up-to-date for your deployment?
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed
I'm also taking a look at reproducing this.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to sssd in Ubuntu.
https://bugs.launchpad.net/bugs/1775636
Title:
sss_ssh_authorizedkeys fails with: Error looking up public keys when
client cert
** Changed in: charm-ceph-mon
Assignee: (unassigned) => James Page (james-page)
** Changed in: charms.ceph
Assignee: (unassigned) => James Page (james-page)
** Changed in: charm-ceph-mon
Status: Triaged => In Progress
** Changed in: charms.ceph
Status: Triaged => In
OK figured this one out - the cephx keys are missing a permission which
allows them to see blacklisted clients - as a result they can't deal
with a hard crash:
mon 'allow command "osd blacklist"'
This is a charm issue after all.
As a workaround you can manually update the existing client keys
Raising bug tasks for ceph and qemu as I think this is where the issue
lies; nova generates the same libvirt xml disk stanzas for versions that
work and versions that have this issue.
** Also affects: ceph (Ubuntu)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu)