[Freeipa-users] Unable to authenticate a client user against IPA

Stephen Gallagher sgallagh at redhat.com
Tue Mar 8 19:59:58 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/08/2011 02:43 PM, Steven Jones wrote:
> 8><------
> 
> 
> So how do I fault find? where do I start?
> 
> ie Where do I start to look to determine why a user cannot login to a
> client via freeipa? 
> 
> How can I be more clear? because so far the replies have been not very
> productive.
> 


Steven, sorry you're having such a hard time with this. Let me see if I
can help point you in the right direction.

I'm trying to look at the history of this thread, but I'm coming into it
late, so please forgive me if I retread any ground that's already been
covered.

First, I need to verify that I understand the state from which you're
working. Have you installed FreeIPA from the jdennis.fedorapeople.org
yum repository?

What version of the RPM packages for freeipa-server, freeipa-client and
sssd do you have? (rpm -q)

I noticed that you mentioned in an earlier email that you were editing
nslcd.conf. This is not the preferred mechanism for setting up a FreeIPA
client (any more). We now use SSSD (and ipa-client-install should be
setting this up for you).

So what I need to see are the following configuration files:
1) /etc/nsswitch.conf
2) /etc/sssd/sssd.conf
3) /etc/pam.d/system-auth
4) /etc/pam.d/password-auth (if using GDM)

Also, to start debugging login problems, the best place to look is in
/var/log/secure, which should report any PAM modules that are denying
access to the account (and the reason why it's being denied).

Please provide us with the above information and we'll see what we can
do to get you up and running.

Also, for much faster triage and debugging, you can join the #freeipa
and/or #sssd IRC channels on the irc.freenode.net IRC server and speak
with us directly. My nick on those channels is 'sgallagh'.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk12iroACgkQeiVVYja6o6NIQQCfWpxNdMTQyjJ8HojOOeBOIcuS
qdsAoIrVUcvY2lgDv9bVFjyWqUjjH9ZU
=wJNo
-----END PGP SIGNATURE-----

More information about the Freeipa-users mailing list