[Freeipa-users] Odd problem with SSSD and SSH keys
Jan Cholasta
jcholast at redhat.com
Thu Jan 16 17:47:44 UTC 2014
I'm glad that fixed it, but I would still be interested in what went
wrong. Could you tell me what was the difference between foo.com and
.foo.com domain configuration? I'm also curious how did such
configuration got into sssd.conf in the first place, ipa-client-install
should have created only one domain.
On 16.1.2014 18:19, Bret Wortman wrote:
> It did. I just needed the motivation to figure out which version was
> correct. So I experimented on my own workstation this morning before
> anyone else got in and rolled out a corrected version.
>
> Thanks for your help, everyone!
>
>
> On 01/16/2014 11:52 AM, Jan Cholasta wrote:
>> I think you can just comment out the whole [domain/] section in
>> sssd.conf and restart sssd. Does that solve the problem? If not, could
>> you please post your sssd.conf here?
>>
>> On 16.1.2014 11:21, Bret Wortman wrote:
>>> Yes, though there should be only one. We ended up somehow with
>>> foo.com and .foo.com and I'm not sure how to reduce us properly to
>>> just foo.com.
>>>
>>>
>>> Bret Wortman
>>> http://bretwortman.com/
>>> http://twitter.com/BretWortman
>>>
>>>> On Jan 16, 2014, at 4:42 AM, Jan Cholasta <jcholast at redhat.com> wrote:
>>>>
>>>> OK, there is definitely something going on in the client then. Are
>>>> there multiple domains configured in sssd.conf?
>>>>
>>>>> On 15.1.2014 13:56, Bret Wortman wrote:
>>>>> The fingerprint does match.
>>>>>
>>>>>> On 01/15/2014 03:33 AM, Jan Cholasta wrote:
>>>>>>
>>>>>>
>>>>>>> On 14.1.2014 12:34, Bret Wortman wrote:
>>>>>>> The key in /etc/ssh/ssh_host_rsa_key.pub matches what's in IPA
>>>>>>> for the
>>>>>>> host in question. It should not have had any connectivity issues;
>>>>>>> it's
>>>>>>> co-located with several of our IPA masters.
>>>>>>
>>>>>> Can you also check if the MD5 fingerprint reported by ssh (e.g.
>>>>>> 2a:1e:1c:87:33:44:fb:87:ab:6f:ee:80:d5:21:7e:ab in your original
>>>>>> post)
>>>>>> matches the MD5 fingerprint for the host in IPA?
>>>>
>>>> --
>>>> Jan Cholasta
>>
>>
>
>
--
Jan Cholasta
More information about the Freeipa-users
mailing list