[Freeipa-users] AD - Freeipa trust confusion

Andrew Holway andrew.holway at gmail.com
Thu Jan 2 20:06:31 UTC 2014


> As for AD users we need to look at the client and see what is going on
> there. What is your client? Version and component? Is it using latest SSSD?
> If not additional steps might be needed. Please provide the details
> about the clients. Please start with trying AD users on the IPA server
> itself, looking at the logs and seeing what is going on.

/var/log/secure
Jan  2 19:27:46 ipa sshd[8252]: pam_unix(sshd:auth): check pass; user unknown
Jan  2 19:27:46 ipa sshd[8252]: pam_succeed_if(sshd:auth): error retrieving information about user bob at prattle.com
Jan  2 19:27:49 ipa sshd[8252]: Failed password for invalid user bob at prattle.com from 192.168.202.12 port 51537 ssh2

/var/log/messages (Not sure if related. This error is going off every 20s.)
Jan  2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.895536,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:52:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'lsarpc' already registered on endpoint
Jan  2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896121,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:52:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'samr' already registered on endpoint
Jan  2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896616,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:52:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'netlogon' already registered on endpoint
Jan  2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.913794,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:53:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'lsarpc' already registered on endpoint
Jan  2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914377,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:53:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'samr' already registered on endpoint
Jan  2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914853,  0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert)
Jan  2 19:53:18 ipa smbd[7279]:   dcesrv_interface_register: interface 'netlogon' already registered on endpoint

/var/log/krb5kdc.log
Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: NEEDED_PREAUTH: host/ipa.wibble.com at WIBBLE.COM for krbtgt/WIBBLE.COM at WIBBLE.COM, Additional pre-authentication required
Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 tkt=18 ses=18}, host/ipa.wibble.com at WIBBLE.COM for krbtgt/WIBBLE.COM at WIBBLE.COM
Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): TGS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 tkt=18 ses=18}, host/ipa.wibble.com at WIBBLE.COM for ldap/ipa.wibble.com at WIBBLE.COM

/var/log/sssd/*
This is using bob at host (prattle.com is the Windows domain):
https://gist.github.com/anonymous/ff817a251948ff58bdb1

This is using bob at prattle.com@host (prattle.com is the Windows domain):
https://gist.github.com/anonymous/885d8bfd6cf7d224de93


>
> Thanks
> Dmitri
>
>>
>> Ta,
>>
>> Andrew
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>