[Freeipa-users] Cannot loging via SSH with AD user TO IPA Domain.
Genadi Postrilko
genadipost at gmail.com
Mon Jan 6 22:00:56 UTC 2014
sssd_example.com.log after changing the debug level:
https://gist.github.com/anonymous/8290381#file-sssd_example-com-log
[genadi at ipaserver root]$ wbinfo -u
(no output)
[genadi at ipaserver root]$ wbinfo -g
admins
editors
default smb group
ad_users
ad_admins
[genadi at ipaserver root]$ wbinfo --trusted-domains
BUILTIN
EXAMPLE
ADDC
[genadi at ipaserver root]$ wbinfo -i Administrator
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user Administrator
[genadi at ipaserver root]$ wbinfo --domain-info ADDC.COM
Name : ADDC
Alt_Name : addc.com
SID : S-1-5-21-33789592-1708006097-2663368750
Active Directory : No
Native : No
Primary : No
2014/1/6 Jakub Hrozek <jhrozek at redhat.com>
> On Fri, Jan 03, 2014 at 07:29:54PM +0200, Genadi Postrilko wrote:
> > Here are the other logs as well (ldap_child.log, sssd_pac.log,
> > sssd_ssh.log).
> >
> > https://gist.github.com/anonymous/8242061
> >
> > I attempted to log in (as Administrator at ADDC.COM) at 9:04.
> >
> > Thanks for the help.
> >
>
> You need the *domain* log. According to the logs, your domain is called
> example.com, do you need to put debug_level=6 (or higher, but 6 should
> be enough) to the section called [domain/example.com] in sssd.conf,
> restart sssd, attempt the login and then attach
> /var/log/sssd/sssd_example.com.log
>
> Given that SSSD is complaining about not being able to find the user, I
> suspect a similar problem as in the other thread, that is, Winbind on
> the server not being able to talk to the AD. Does "wbinfo -u $user" work
> on the server?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140107/a7eda5ae/attachment.htm>
More information about the Freeipa-users
mailing list