[Freeipa-users] red hat 5 and red hat 6 compatability

Matthew Davidson matt at mldserviceslex.com
Wed May 2 16:43:43 UTC 2012


Hi Rob
[root at rhel5 ~]# ipa-client-install --domain=EXAMPLE.COM --server=rhel6.example.com
DNS domain 'example.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: rhel6.example.com
Realm: EXAMPLE.COM
DNS Domain: EXAMPLE.COM
IPA Server: rhel6.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin at EXAMPLE.COM:

Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
SSSD enabled
Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
Changed configuration of /etc/ldap.conf to use hardcoded server name: rhel6.example.com
NTP enabled
Client configuration complete.

/var/log/secure
May  2 12:31:14 rhel5 sshd[3250]: Invalid user mdavidson from 192.168.1.5
May  2 12:31:14 rhel5 sshd[3251]: input_userauth_request: invalid user mdavidson
May  2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): check pass; user unknown
May  2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhel6.example.com
May  2 12:31:19 rhel5 sshd[3250]: pam_succeed_if(sshd:auth): error retrieving information about user mdavidson
May  2 12:31:21 rhel5 sshd[3250]: Failed password for invalid user mdavidson from 192.168.1.5 port 52511 ssh2

/var/log/sssd/ldap_child.log
(Wed May  2 11:52:08 2012) [[sssd[ldap_child[3091]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3252]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3253]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3254]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3255]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3256]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database

/var/log/sssd/sssd.log
(Tue May  1 13:53:26 2012) [sssd] [monitor_quit] (0): Monitor received Terminated: terminating children
(Wed May  2 11:34:59 2012) [sssd] [monitor_quit] (0): Monitor received Terminated: terminating children

thanks for helping!
Matt

> Date: Wed, 2 May 2012 11:30:52 -0400
> From: rcritten at redhat.com
> To: matt at mldserviceslex.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] red hat 5 and red hat 6 compatability
> 
> Matthew Davidson wrote:
> > To clarify one point.
> >
> > I used the current redhat documents to setup the two systems.
> >
> > Red_Hat_Enterprise_Linux-5-Configuring_Identity_Management-en-US
> >
> > Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US
> >
> > SSH does not seem to be discussed and that is when I started web surfing
> > in an attempt to fix my problem before reaching out for help.
> 
> A host service principal is created during enrollment so no additional 
> work should be needed for SSH to work. The problem you're having is 
> related to the fact that user lookup services are failing.
> 
> Can you look in /var/log/secure and/or /var/log/sssd/* to see if there 
> are any errors reported regarding sssd?
> 
> What options did you pass to ipa-client-install?
> 
> rob
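
Added example, not part of the original message and not FreeIPA or SSSD code: a small Python triage over the two log formats quoted above. It labels each sshd failure by whether sssd's ldap_child logged a TGT failure around the same time; the sample lines are constructed, and the function names, verdict labels and 5-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the two log formats quoted in the message above.
SECURE = """\
May  2 12:31:14 rhel5 sshd[3250]: Invalid user mdavidson from 192.168.1.5
May  2 12:31:21 rhel5 sshd[3250]: Failed password for invalid user mdavidson from 192.168.1.5 port 52511 ssh2
May  2 12:40:02 rhel5 sshd[3300]: Failed password for alice from 192.168.1.9 port 40000 ssh2
"""
LDAP_CHILD = """\
(Wed May  2 12:31:14 2012) [[sssd[ldap_child[3252]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database
"""

SSHD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Invalid user|Failed password for(?! invalid user)) (\S+) from (\S+)")
TGT = re.compile(r"^\((\w{3} \w{3}\s+\d+ [\d:]{8} \d{4})\) .*\[ldap_child_get_tgt_sync\]"
                 r".*Failed to init credentials: (.+)$")

def sssd_tgt_failures(text):
    """Times at which sssd's ldap_child could not get a TGT, with the reason."""
    hits = []
    for line in text.splitlines():
        m = TGT.match(line)
        if m:
            hits.append((datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)))
    return hits

def triage(secure, ldap_child, year, window=timedelta(minutes=5)):
    """Label each sshd failure: broken lookup, unknown user, or bad password."""
    failures = sssd_tgt_failures(ldap_child)
    out = []
    for line in secure.splitlines():
        m = SSHD.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{m.group(1)} {year}", "%b %d %H:%M:%S %Y")
        if m.group(2) != "Invalid user":
            verdict = "bad-password"         # user resolved, credential rejected
        elif any(abs(when - t) <= window for t, _ in failures):
            verdict = "sssd-lookup-failure"  # name not resolved while sssd had no TGT
        else:
            verdict = "unknown-user"         # no sssd error nearby
        out.append((m.group(3), m.group(4), verdict))
    return out

if __name__ == "__main__":
    for row in triage(SECURE, LDAP_CHILD, 2012):
        print(*row)
```
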
 		 	   		  