[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server
abokovoy at redhat.com
Tue Oct 14 06:05:57 UTC 2014
On Tue, 14 Oct 2014, Orkhan Gasimov wrote:
>Thanks to both of you for the interest.
>Here`s the info you asked:
>1. Putting "debug_level = 7" either in [domain] or/and [nss] section
>of the /usr/local/etc/sssd/sssd.conf file gives nothing in the log.
>The log file located at /var/log/sssd/sssd.log is only populated with
>data when I make some errors in sssd.conf & sssd process fails to
>start. But that`s the case only if I deliberately introduce some
>errors; with current configuration sssd starts successfully.
SSSD writes separate log files per each section, so you need to look at
/var/log/sssd/sssd_mydomain.com.log for [domain/mydomain.com] and
/var/log/sssd/sssd_nss.log for nss section.
>3. The users created at the IPA server can`t locally log in to the
>server, but it`s possible to ssh to the server as an IPA user from the
>FreeBSD host. However, there are some interesting behaviors (again,
>this is what happens when just following the IPA Quick Start Quide for
>the server side & the post from FreeBSD forums for the client side):
> - home directories are not automatically created on the IPA server;
> - "id" command output shows correct uid, but the group of any IPA
>user doesn`t show as "ipausers" - instead, the group name is the same
>as username, + something like
In FreeIPA in Fedora we switched off ipausers being a POSIX group.
FreeIPA supports POSIX and non-POSIX groups; the latter is for grouping
purposes as groups can be nested in FreeIPA. 'ipausers' is the group
every user is a member of but it is not a POSIX group anymore so it has
less effect on performance in large deployments (tens of thousands
users in the same group).
So it is expected. The group named as a username is a user-private group
which is maintained automatically per each user. It has the same GID as
/ Alexander Bokovoy
More information about the Freeipa-users