[Freeipa-users] Unable to authenticate a client user against IPA

Simo Sorce ssorce at redhat.com
Thu Mar 10 15:10:18 UTC 2011


----- Original Message -----
> Steven Jones wrote:
> > Ok,
> >
> > However I can't LDAP/IPA authenticate still....on either
> > client..........
> >
> > So what next?
> 
> sssd handles logins, you can try turning up the log level on that
> (though I suspect it wasn't the reboot that fixed this but restarting
> sssd).

If sssd was never used before, then what was needed was a restart of the services using it (sshd, gdm). As nsswitch.conf is never re-read by glibc, you can't use the new users until those services are restarted after nsswitch.conf is modified.

I think we also offer to restart the client after ipa-client-install exactly as a way to restart all services that may depend on picking up this change. That reboot is not necessary if you manually restart all services after that, but if you don't, then you had better do a reboot as we suggest.

> As part of ipa-client-install sssd is restarted and tested via 'getent
> passwd admin'. This should be visible in
> /var/log/ipaclient-install.log.
> Did this command succeed?

Even if this succeeds, authentication via gdm or ssh can still fail until the services are restarted.

Just pointing out this fact as a help point for other users testing ipa-client-install in future.

Simo.

-- 
Simo Sorce * Red Hat, Inc. * New York
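
One way to find the services the message above refers to, as an added example that is not part of the original post: the script lists processes that started before nsswitch.conf was last modified and so may still hold the old configuration. The function names and the `--check` argument are hypothetical; it assumes Linux `/proc` and GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post). Linux only: reads /proc and
# assumes GNU stat. Lists processes started before a file was last modified.

# parse_stat LINE -> "starttime_ticks name" from one /proc/PID/stat line.
# The name (field 2) is parenthesised and may contain spaces, so split on
# the last ")" instead of on whitespace.
parse_stat() {
    line=$1
    name=${line#*\(}; name=${name%\)*}
    rest=${line##*\) }               # fields 3.. (state, ppid, ...)
    set -- $rest
    [ $# -ge 20 ] || return 1        # truncated or empty line
    shift 19                         # starttime is field 22, 20th of rest
    echo "$1 $name"
}

# list_procs -> "pid start_epoch name" for every running process.
list_procs() {
    btime=$(awk '/^btime/ { print $2 }' /proc/stat)   # boot time, epoch s
    hz=$(getconf CLK_TCK)                             # clock ticks per second
    for f in /proc/[0-9]*/stat; do
        line=$(cat "$f" 2>/dev/null) || continue      # process may have exited
        parsed=$(parse_stat "$line") || continue
        echo "${line%% *} $(( btime + ${parsed%% *} / hz )) ${parsed#* }"
    done
}

# stale_procs MTIME: filter "pid start_epoch name" lines on stdin, keeping
# the processes that started before MTIME (epoch seconds).
stale_procs() {
    awk -v mtime="$1" '$2 + 0 < mtime + 0 {
        pid = $1; sub(/^[^ ]+ [^ ]+ /, ""); print pid, $0 }'
}

# check_stale FILE: processes older than FILE's last modification.
check_stale() {
    mtime=$(stat -c %Y "$1") || return 1
    list_procs | stale_procs "$mtime"
}

# Run as: sh script.sh --check [file]
if [ "${1:-}" = "--check" ]; then
    check_stale "${2:-/etc/nsswitch.conf}"
fi
```

Any sshd or gdm process in the output predates the nsswitch.conf change and is a candidate for the restart described above.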