[Freeipa-users] Unable to authenticate a client user against IPA

Steven Jones Steven.Jones at vuw.ac.nz
Thu Mar 3 19:49:27 UTC 2011


"id thing" returns id: thing: no such user...

In iptraf there is a port 389 connection, suggesting it's asking the ipa master about user "thing"....so it's either asking the wrong Q or the ipa master can't see the user "thing", yet it's there in the gui.

One thing: "thing" only exists on the ipa master; with "irwin" it exists locally, so id returns local info, as I see no 389 connection taking place....

There was no nslcd.conf, so I wrote one as per,

8.1.4. Configuring System Login
You need to modify the /etc/nslcd.conf file, used by the nslcd service,
on the client, to include additional information about the IPA server.
This is so that the client can reach the IPA server's LDAP server for
getent commands and also for ssh. For example, you should include the
following information in your /etc/nslcd.conf file: 
uri host ip-address-of-ipaserver.example.com-here
base dc=example,dc=com

So mine says,

uri host 192.168.100.2
base dc=ipa,dc=ac,dc=nz

Where 192.168.100.2 is the original master.

regards



On Thu, 2011-03-03 at 14:30 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > I appear to have IPA running, I have run the install client on a fed14
> > KVM guest and that guest is in the IPA system, however the users in IPA
> > cannot authenticate via IPA and get onto the client.  There appears to
> > be traffic to port 389, so I assume it's "almost" working....but I can
> > find anything in logs to say what's wrong....not that I can determine
> > what logs to check.....I've been looking in /var/log so far....are there
> > any other logs about?
> >
> > And/or where do I start looking to get this working?
> >
> > regards
> >
> >
> 
> On that client can you do things like:
> 
> $ getent passwd <some_ipa_user>
> 
> or
> 
> $ id <some_ipa_user>
> 
> ?
> 
> That should cause sssd to fetch user information. If it fails then we'll 
> start by looking at the sssd configuration. If not I guess we'll turn up 
> some debugging knobs to see what is going on.
> 
> rob
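
Added example, not part of the original messages: a shell script that reports which NSS source answers a passwd lookup, separating a local-files answer (as with "irwin") from a directory answer (as expected for "thing"). It assumes glibc's `getent -s`; the function names `passwd_sources` and `trace_user` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): show which NSS source, if any,
# answers a passwd lookup for a given user name.

# Print the sources named on the "passwd:" line of an nsswitch.conf-style
# file, one per line. Comments and action items such as
# [NOTFOUND=return] are dropped.
passwd_sources() {
    awk '$1 == "passwd:" {
        sub(/#.*/, "")
        gsub(/\[[^]]*\]/, "")
        for (i = 2; i <= NF; i++) print $i
        exit
    }' "$1"
}

# Query every configured source on its own with "getent -s" and print
# "<source>: hit" or "<source>: miss".
trace_user() {
    user=$1
    conf=${2:-/etc/nsswitch.conf}
    for src in $(passwd_sources "$conf"); do
        if getent -s "$src" passwd "$user" >/dev/null 2>&1; then
            echo "$src: hit"
        else
            echo "$src: miss"
        fi
    done
}

# Run only when a user name is given: ./trace_user.sh thing
if [ "$#" -gt 0 ]; then
    trace_user "$1"
fi
```

The `sss` source is the one sssd serves and `ldap` is the one nslcd serves; if neither appears on the `passwd:` line, lookups never leave the local files and a directory-only user is reported as missing.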




