[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Orkhan Gasimov orkhan-azeri at mail.ru
Tue Oct 14 07:34:09 UTC 2014 

With help from Alexander Bokovoy I found correct log destinations:

sssd-domain-log: 
https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log

These files are from my second Fedora - FreeBSD setup, they have 
different domain name, but everything else is identical.

Interestingly enough, there are lines in sssd_nss.log telling that there 
are no users or groups in the domain. But as I said, I can ssh to the 
IPA server as an IPA user.

14-Oct-14 00:32, Lukas Slebodnik пишет:
> On (13/10/14 20:33), Jakub Hrozek wrote:
>> On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
>>>   Good day to everybody.
>>> There`s a post on how to make a FreeBSD client work with a FreeIPA server:  https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146
>>> For some reason the instructions in that post don`t lead to a working solution.
>>> Getent passwd/group return no data from the IPA server, although ldapsearch works fine.
>>> I followed the instructions exactly (+ configured ldap.conf & started sssd) and didn`t get errors anywhere, all steps completed successfully.
>>> My setup: 2 VMs, one is the FreeIPA server (on Fedora 20), the other is a FreeBSD client (on FreeBSD 10.0).
>>> IPA server is configured as written in the IPA Quick Start Quide, it has no integrated DNS server.
>>> Both VMs have identical /etc/hosts file:
>>>
>>> ::1                    localhost
>>> 127.0.0.1         localhost
>>> 192.168.1.10   ipa1.mydomain.com ipa1
>>> 192.168.1.30   bsd1.mydomain.com bsd1
>>>
>>> Seems like some instructions in etc/nsswitch.conf file, like "group: files sss" and "passwd: files sss" have no effect.
>>> Does anybody tried this setup, what could be wrong with it?
>>> I can provide outputs of any commands if necessary.
>>> If I shouldn`t have asked this question here, please advise me where to ask.
>>> Any hint on what to do will be highly appreciated!
>> Hi,
>>
>> I think SSSD logs would be the best start..
>>
>> Put debug_level=7 into the [domain] section, restart SSSD and then check
>> out /var/log/sssd/*.log
>>
> "debug_level = 7" can be put into "nss" section as well.
> Could you share your sssd configuration file /usr/local/etc/sssd.conf?
>
> LS
>

More information about the Freeipa-users mailing list