<html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">With help from Alexander Bokovoy I found correct log destinations:<br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">sssd-domain-log: <a href="https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log" target="_blank" style="color: rgb(0, 119, 204); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log</a><br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">sssd-nss-log: <a href="https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log" target="_blank" style="color: rgb(0, 119, 204); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log</a><br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">These files are from my second Fedora - FreeBSD setup, they have <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">different domain name, but everything else is identical.<br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">Interestingly enough, there are lines in sssd_nss.log telling that there <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">are no users or groups in the domain. But as I said, I can ssh to the <br style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"> <span style="color: rgb(0, 0, 0); font-family: Arial, Tahoma, Verdana, sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 18.2000007629395px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(255, 255, 255);">IPA server as an IPA user. <div class="moz-cite-prefix">14-Oct-14 10:23, Orkhan Gasimov пишет: </div> <blockquote cite="mid:543CB33D.6020005@mail.ru" type="cite">Thanks to both of you for the interest. Here`s the info you asked: 1. Putting "debug_level = 7" either in [domain] or/and [nss] section of the /usr/local/etc/sssd/sssd.conf file gives nothing in the log. The log file located at /var/log/sssd/sssd.log is only populated with data when I make some errors in sssd.conf & sssd process fails to start. But that`s the case only if I deliberately introduce some errors; with current configuration sssd starts successfully. 2. My original sssd.conf (without debugs) is as follows (exact copy of what was shown in the post at FreeBSD forums): ----------------------------------------- [domain/mydomain.com] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = mydomain.com id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = ipa1.mydomain.com chpass_provider = ipa ipa_server = _srv_ #our FreeIPA server has DNS SRV entries ldap_tls_cacert = /etc/ssl/ca.crt enumerate = True #to enumerate users and groups [sssd] enumerate = True services = nss, pam, sudo config_file_version = 2 domains = mydomain.com [nss] [pam] [sudo] ----------------------------------------- Interestingly enough the [nss] section is empty, just as shown in the post at FreeBSD forums. 3. The users created at the IPA server can`t locally log in to the server, but it`s possible to ssh to the server as an IPA user from the FreeBSD host. However, there are some interesting behaviors (again, this is what happens when just following the IPA Quick Start Quide for the server side & the post from FreeBSD forums for the client side): - home directories are not automatically created on the IPA server; - "id" command output shows correct uid, but the group of any IPA user doesn`t show as "ipausers" - instead, the group name is the same as username, + something like "context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023". 4. Here is the list of snapshots taken from my FreeBSD VM when I installed necessary ports, maybe these snapshots will provide some additional info on sssd behavior: clean_install starting_sssd_install krb5_choice_added_LDAP openldap24-sasl-client_choice_added_FETCH_GSSAPI cyrus-sasl2_choice_defaults bind_choice_added_GSSAPI_MIT sssd_installation_finished sudo_installed_with_INSULTS_LDAP_SSSD cyrus-sasl2-gssapi_choice_added_MIT all_ports_installed_directories_created all_configs_applied_sssd_started 14-Oct-14 00:32, Lukas Slebodnik пишет: <blockquote type="cite">On (13/10/14 20:33), Jakub Hrozek wrote: <blockquote type="cite">On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote: <blockquote type="cite"> Good day to everybody. There`s a post on how to make a FreeBSD client work with a FreeIPA server: <a class="moz-txt-link-freetext" href="https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146">https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146</a> For some reason the instructions in that post don`t lead to a working solution. Getent passwd/group return no data from the IPA server, although ldapsearch works fine. I followed the instructions exactly (+ configured ldap.conf & started sssd) and didn`t get errors anywhere, all steps completed successfully. My setup: 2 VMs, one is the FreeIPA server (on Fedora 20), the other is a FreeBSD client (on FreeBSD 10.0). IPA server is configured as written in the IPA Quick Start Quide, it has no integrated DNS server. Both VMs have identical /etc/hosts file: ::1 localhost 127.0.0.1 localhost 192.168.1.10 ipa1.mydomain.com ipa1 192.168.1.30 bsd1.mydomain.com bsd1 Seems like some instructions in etc/nsswitch.conf file, like "group: files sss" and "passwd: files sss" have no effect. Does anybody tried this setup, what could be wrong with it? I can provide outputs of any commands if necessary. If I shouldn`t have asked this question here, please advise me where to ask. Any hint on what to do will be highly appreciated! </blockquote> Hi, I think SSSD logs would be the best start.. Put debug_level=7 into the [domain] section, restart SSSD and then check out /var/log/sssd/*.log </blockquote> "debug_level = 7" can be put into "nss" section as well. Could you share your sssd configuration file /usr/local/etc/sssd.conf? LS </blockquote> </blockquote> </body> </html>