[Freeipa-users] trouble adding users

Ryan Chase rchase at cs.vt.edu
Thu Jan 9 15:14:20 UTC 2014 

On 1/8/14 5:25 PM, Jakub Hrozek wrote:
> On Wed, Jan 08, 2014 at 03:12:35PM -0500, Ryan Chase wrote:
>> I've added a new user using the command "ipa user-add" from the ipa
>> server.  I can see correct user information when I run the commands
>> "ipa user-show" and "ipa user-status". However, I cannot see the
>> user when I run "getent passwd username" or even "id username". When
>> I run "id username" I get, "no such user".
>>    I feel this may be an issue with sssd, but I'm not 100% sure.
>> /etc/nsswitch.conf looks correct.
>>    Any ideas?
>>
>> --Ryan
>>
>> IPA server is CentOS 6 running freeipa version 3.0.0
>
> Hi Ryan,
>
> this indeed sounds like an issue with the SSSD.
>
> Given that you said nsswitch.conf looks OK, can you raise debug_level
> (let's start with 5 perhaps) in the [nss] and [domain/] sections,
> restart the SSSD and inspect the logs in /var/log/sssd/ for any errors?
>
> Is there anything in the syslog? Some errors, like invalid keytab are
> logged to the system logs as well as the SSSD debug logs.
>

Below is a snip from the sssd log with debug_level=5
This was an ssh attempt to the server.

(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [be_get_account_info] 
(0x0100): Got request for [4097][1][name=username]
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [be_get_account_info] 
(0x0100): Request processed. Returned 1,11,Fast reply - offline
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [get_port_status] 
(0x0100): Reseting the status of port 0 for server 'server.csl.local'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[be_resolve_server_process] (0x0200): Found address for server 
server.csl.local: [10.0.0.1] TTL 7200
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[be_resolve_server_process] (0x0200): Found address for server 
server.csl.local: [10.0.0.1] TTL 7200
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [sdap_kinit_done] 
(0x0100): Could not get TGT: 14 [Bad address]
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [fo_set_port_status] 
(0x0100): Marking port 0 of server 'server.csl.local' as 'not working'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [child_sig_handler] 
(0x0100): child [16458] finished successfully.
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 
[Input/output error])
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [be_run_offline_cb] 
(0x0080): Going offline. Running callbacks.
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] 
[remove_krb5_info_files] (0x0200): Could not remove 
[/var/lib/sss/pubconf/kpasswdinfo.CSL.LOCAL], [2][No such file or directory]

More information about the Freeipa-users mailing list