[Freeipa-users] trouble adding users

Jakub Hrozek jhrozek at redhat.com
Thu Jan 9 16:15:10 UTC 2014


On Thu, Jan 09, 2014 at 10:14:20AM -0500, Ryan Chase wrote:
> On 1/8/14 5:25 PM, Jakub Hrozek wrote:
> >On Wed, Jan 08, 2014 at 03:12:35PM -0500, Ryan Chase wrote:
> >>I've added a new user using the command "ipa user-add" from the ipa
> >>server.  I can see correct user information when I run the commands
> >>"ipa user-show" and "ipa user-status". However, I cannot see the
> >>user when I run "getent passwd username" or even "id username". When
> >>I run "id username" I get, "no such user".
> >>   I feel this may be an issue with sssd, but I'm not 100% sure.
> >>/etc/nsswitch.conf looks correct.
> >>   Any ideas?
> >>
> >>--Ryan
> >>
> >>IPA server is CentOS 6 running freeipa version 3.0.0
> >
> >Hi Ryan,
> >
> >this indeed sounds like an issue with the SSSD.
> >
> >Given that you said nsswitch.conf looks OK, can you raise debug_level
> >(let's start with 5 perhaps) in the [nss] and [domain/] sections,
> >restart the SSSD and inspect the logs in /var/log/sssd/ for any errors?
> >
> >Is there anything in the syslog? Some errors, like invalid keytab are
> >logged to the system logs as well as the SSSD debug logs.
> >
> 
> Below is a snip from the sssd log with debug_level=5
> This was an ssh attempt to the server.
> 

This log snippet is telling us about problems with keytab:

> (Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [sdap_kinit_done]
> (0x0100): Could not get TGT: 14 [Bad address]


Perhaps /var/log/sssd/ldap_child.log would have more info?

Can you kinit with your keytab (kinit -k or kinit -k host/$(hostname)) ?
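
The log check discussed in this message, as an added example that is not part of the original thread or of SSSD itself: a POSIX shell filter that pulls `sdap_kinit_done` TGT failures out of an SSSD domain log and prints the follow-up checks named above. It assumes each debug message sits on one line in the log file (the quoted line is wrapped by the mail client); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread or from SSSD.
# Assumption: one debug message per line in the SSSD domain log.

# Read SSSD domain log text on stdin and print "domain errno message"
# for every failed keytab-based TGT request logged by sdap_kinit_done.
sssd_tgt_failures() {
    sed -n 's/.*\[sssd\[be\[\([^]]*\)]]] \[sdap_kinit_done] (0x[0-9a-fA-F]*): Could not get TGT: \([0-9][0-9]*\) \[\(.*\)]$/\1 \2 \3/p'
}

# Count failures per domain/error and print the next checks from the thread.
# Returns 0 if at least one failure was found, 1 otherwise.
sssd_tgt_report() {
    failures=$(sssd_tgt_failures)
    [ -n "$failures" ] || return 1
    printf '%s\n' "$failures" | sort | uniq -c
    echo "next: read /var/log/sssd/ldap_child.log"
    echo "next: kinit -k host/\$(hostname)"
}

# Constructed sample: the failure quoted in the thread, joined onto one
# line, preceded by a constructed unrelated message.
sample_log() {
cat <<'EOF'
(Thu Jan  9 09:52:44 2014) [sssd[be[csl.local]]] [constructed_function] (0x0100): constructed unrelated message
(Thu Jan  9 09:52:45 2014) [sssd[be[csl.local]]] [sdap_kinit_done] (0x0100): Could not get TGT: 14 [Bad address]
EOF
}

sample_log | sssd_tgt_report
```

Against a real system, feed it the domain log from /var/log/sssd/ instead of `sample_log`.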



