<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
just migrated all my user from OpenLDAP and MIT Kerberos to IPA.<br>
<br>
Out of more than 400 users, there are around 10 that have problem <br>
accessing Samba or Dovecot IMAP or ssh. <br>
<br>
They never have problem login to ipa/ipa/ui/login.html.<br>
<br>
For Dovecot IMAP following error is generated:<br>
=====<br>
Nov 16 10:15:03 dovecot2 auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot
ruser=uesrid rhost=IP user=userid<br>
Nov 16 10:15:03 dovecot2 auth: pam_sss(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=userid rhost=IP
user=useris<br>
Nov 16 10:15:03 dovecot2 auth: pam_sss(dovecot:auth): received for
user userid: 4 (System error)<br>
=====<br>
<br>
For Samba, it appears that a mapping request never gets to Samba
server because<br>
nothing is logged for a problematic user ID although I have turned
on excessive logging.<br>
<br>
What is really frustrating is that there is no pattern to be found,
even my fellow<br>
Sysadmin's ID is also in trouble. <br>
<br>
Also, in his case, he has no problem with Dovecot. For another user
ID Samba works<br>
but not Dovecot. It looks to me there might be some problem with
sssd on the <br>
different servers?<br>
<br>
BTW, for at least one user, creating a brand new account for samba
did not work either,<br>
while the trick worked for another user:-(.<br>
<br>
Please shed some light on this. I don't mind opening a case with
RedHat support <br>
if necessary.<br>
<br>
<font color="#cc0000">Red Hat Enterprise Linux Server release 6.3
(Santiago)</font><br>
<font color="#cc0000">ipa-server.x86_64
2.2.0-16.el6 @rhel-x86_64-server-6<br>
sssd.x86_64 1.8.0-32.el6
@rhel-x86_64-server-6<br>
sssd-client.x86_64 1.8.0-32.el6
@rhel-x86_64-server-6<br>
</font> <br>
TIA,<br>
Qing<br>
</body>
</html>