[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Orkhan Gasimov orkhan-azeri at mail.ru
Tue Oct 14 08:04:29 UTC 2014


Thanks for taking time to find a solution.

1. Location of log files is /var/log/sssd, I just didn't know that each 
section of sssd.conf file produced its own log file:

/var/log/sssd/sssd_<your.domain>.log
/var/log/sssd/sssd_nss.log

2. For the client side, here again the list of snapshots taken from my 
FreeBSD VM when I installed necessary ports, maybe these snapshots will 
provide some additional info on sssd behavior:

clean_install
starting_sssd_install
krb5_choice_added_LDAP
openldap24-sasl-client_choice_added_FETCH_GSSAPI
cyrus-sasl2_choice_defaults
bind_choice_added_GSSAPI_MIT
sssd_installation_finished
sudo_installed_with_INSULTS_LDAP_SSSD
cyrus-sasl2-gssapi_choice_added_MIT
all_ports_installed_directories_created
all_configs_applied_sssd_started

3. For the server side, one thing that I had to do differently when 
adding the client to the server, is I used the "--force" option, as the 
server complained about the host not having a DNS A record (I don't run 
DNS server on IPA server).

14-Oct-14 12:48, Fraser Tweedale wrote:
> On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote:
>> With help from Alexander Bokovoy I found correct log destinations:
>>
>> sssd-domain-log:
>> https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
>> sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
>>
>> These files are from my second Fedora - FreeBSD setup, they have different
>> domain name, but everything else is identical.
>>
>> Interestingly enough, there are lines in sssd_nss.log telling that there are
>> no users or groups in the domain. But as I said, I can ssh to the IPA server
>> as an IPA user.
>>
> Hi Orkhan,
>
> Thanks for the logs.  What were their actual locations?
>
> I'm going to try and reproduce your setup and see whether I get the
> same outcome.  I have been building and installing the ports as
> indicated in the forum post, and one thing I have noticed is that
> there are a lot of configuration options on some of the important
> ports - perhaps there was an important option that the author forgot
> to mention.
>
> It is the end of the day for me, but sssd is now installed so I
> should let you know tomorrow whether I am running into the same
> issues as you, or whether I find success.
>
> (As a side note: once I get to a working setup I will create and
> publish a pkg(8) repo with the needed ports built with the correct
> options and make.conf variables.  This should make it easier and
> certainly quicker to use FreeBSD as a FreeIPA client.)
>
> Cheers,
>
> Fraser
>
>> 14-Oct-14 00:32, Lukas Slebodnik wrote:
>>> On (13/10/14 20:33), Jakub Hrozek wrote:
>>>> On Mon, Oct 13, 2014 at 10:10:12PM +0400, Орхан Касумов wrote:
>>>>>   Good day to everybody.
>>>>> There's a post on how to make a FreeBSD client work with a FreeIPA server:  https://forums.freebsd.org/viewtopic.php?f=39&t=46526&p=260146#p260146
>>>>> For some reason the instructions in that post don't lead to a working solution.
>>>>> Getent passwd/group return no data from the IPA server, although ldapsearch works fine.
>>>>> I followed the instructions exactly (+ configured ldap.conf & started sssd) and didn't get errors anywhere, all steps completed successfully.
>>>>> My setup: 2 VMs, one is the FreeIPA server (on Fedora 20), the other is a FreeBSD client (on FreeBSD 10.0).
>>>>> IPA server is configured as written in the IPA Quick Start Guide, it has no integrated DNS server.
>>>>> Both VMs have identical /etc/hosts file:
>>>>>
>>>>> ::1                    localhost
>>>>> 127.0.0.1         localhost
>>>>> 192.168.1.10   ipa1.mydomain.com ipa1
>>>>> 192.168.1.30   bsd1.mydomain.com bsd1
>>>>>
>>>>> Seems like some instructions in etc/nsswitch.conf file, like "group: files sss" and "passwd: files sss" have no effect.
>>>>> Has anybody tried this setup, what could be wrong with it?
>>>>> I can provide outputs of any commands if necessary.
>>>>> If I shouldn't have asked this question here, please advise me where to ask.
>>>>> Any hint on what to do will be highly appreciated!
>>>> Hi,
>>>>
>>>> I think SSSD logs would be the best start..
>>>>
>>>> Put debug_level=7 into the [domain] section, restart SSSD and then check
>>>> out /var/log/sssd/*.log
>>>>
>>> "debug_level = 7" can be put into "nss" section as well.
>>> Could you share your sssd configuration file /usr/local/etc/sssd.conf?
>>>
>>> LS
>>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
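
The two checks discussed in this thread, as an added example that is not part of the original messages: which log file each sssd.conf section writes to and whether debug_level is set there, and whether the passwd and group maps in nsswitch.conf list the sss source. The sample configs are constructed and the domain name is a placeholder; on the FreeBSD client the real files would be /usr/local/etc/sssd.conf and /etc/nsswitch.conf.

```python
import configparser

# Constructed sample inputs (not the poster's files); the domain is a placeholder.
SAMPLE_SSSD_CONF = """
[sssd]
services = nss, pam
domains = mydomain.com

[nss]

[domain/mydomain.com]
id_provider = ipa
debug_level = 7
"""

SAMPLE_NSSWITCH = """
group: files          # sss source missing here
passwd: files sss
"""

def expected_logs(conf_text, log_dir="/var/log/sssd"):
    """Map each sssd.conf section to (log file path, debug_level or None)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    result = {}
    for section in cp.sections():
        if section == "sssd":
            name = "sssd.log"                      # monitor process
        elif section.startswith("domain/"):
            name = "sssd_%s.log" % section.split("/", 1)[1]
        else:
            name = "sssd_%s.log" % section         # responder such as nss or pam
        level = cp.get(section, "debug_level", fallback=None)
        result[section] = ("%s/%s" % (log_dir, name), level)
    return result

def maps_missing_sss(nsswitch_text, maps=("passwd", "group")):
    """Return the nsswitch databases whose source list lacks 'sss'."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0]               # drop trailing comments
        if ":" in line:
            db, rest = line.split(":", 1)
            sources[db.strip()] = rest.split()
    return [m for m in maps if "sss" not in sources.get(m, [])]

if __name__ == "__main__":
    for section, (path, level) in expected_logs(SAMPLE_SSSD_CONF).items():
        print("[%s] -> %s (debug_level=%s)" % (section, path, level))
    print("maps without sss:", maps_missing_sss(SAMPLE_NSSWITCH))
```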



