[Freeipa-users] red hat 5 and red hat 6 compatability
Matthew Davidson
matt at mldserviceslex.com
Thu May 3 12:31:37 UTC 2012
Hi Rob,
Turned off dns and added ip addresses, added names to host files and it works. My bad.
Matt
> Date: Wed, 2 May 2012 14:27:08 -0400
> From: rcritten at redhat.com
> To: matt at mldserviceslex.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] red hat 5 and red hat 6 compatability
>
> Matthew Davidson wrote:
> > Hi Rob
> >
> > [root at rhel5 ~]# ipa-client-install --domain=EXAMPLE.COM
> > --server=rhel6.example.com
> > DNS domain 'example.com' is not configured for automatic KDC address lookup.
> > KDC address will be set to fixed value.
> >
> > Discovery was successful!
> > Hostname: rhel6.example.com
> > Realm: EXAMPLE.COM
> > DNS Domain: EXAMPLE.COM
> > IPA Server: rhel6.example.com
> > BaseDN: dc=example,dc=com
> >
> > Continue to configure the system with these values? [no]: yes
> > User authorized to enroll computers: admin
> > Synchronizing time with KDC...
> > Password for admin at EXAMPLE.COM:
> >
> > Enrolled in IPA realm EXAMPLE.COM
> > Created /etc/ipa/default.conf
> > Configured /etc/sssd/sssd.conf
> > Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
> > SSSD enabled
> > *Unable to find 'admin' user with 'getent passwd admin'!*
> > Recognized configuration: SSSD
> > Changed configuration of /etc/ldap.conf to use hardcoded server name:
> > rhel6.example.com
> > NTP enabled
> > Client configuration complete.
> >
> > /var/log/secure
> > May 2 12:31:14 rhel5 sshd[3250]: Invalid user mdavidson from 192.168.1.5
> > May 2 12:31:14 rhel5 sshd[3251]: input_userauth_request: invalid user
> > mdavidson
> > May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): check pass; user
> > unknown
> > May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): authentication
> > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhel6.example.com
> > May 2 12:31:19 rhel5 sshd[3250]: pam_succeed_if(sshd:auth): error
> > retrieving information about user mdavidson
> > May 2 12:31:21 rhel5 sshd[3250]: Failed password for invalid user
> > mdavidson from 192.168.1.5 port 52511 ssh2
> >
> > /var/log/sssd/ldap_child.log
> > (Wed May 2 11:52:08 2012) [[sssd[ldap_child[3091]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
> > (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3252]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
> > (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3253]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
> > (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3254]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
> > (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3255]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
> > (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3256]]]]
> > [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not
> > found in Kerberos database
>
> This is the key. sssd can't connect to the IPA server due to this
> Kerberos error which is why the user information is unavailable.
>
> Am I right to to assume you have another Kerberos server (or AD)
> configured using the same realm name on your network? I have the feeling
> sssd is finding the wrong KDC.
>
> rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120503/8d35ecd0/attachment.htm>
More information about the Freeipa-users
mailing list