[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Orkhan Gasimov orkhan-azeri at mail.ru
Thu Oct 16 10:13:27 UTC 2014

Please excuse me for that silly typo in the letter. The typo doesn't 
exist either in /etc/pam.d/system or /etc/pam.d/sshd - in those files I 
typed "ignore_unknown_user".

I'll try "ignore_authinfo_unavail" to see if it prevents me from being 
locked out of the machine.

Here are the log files:

sssd_nss.log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
sssd_pam.log: https://cloud.mail.ru/public/85d311ec1d4e%2Fsssd_pam.log
krb5_child.log: https://cloud.mail.ru/public/c0e6712b7f1b%2Fkrb5_child.log
ldap_child.log: https://cloud.mail.ru/public/d9b0b1eb0da6%2Fldap_child.log
sssd_log: https://cloud.mail.ru/public/d4032b8e6645%2Fsssd.log

16-Oct-14 14:57, Lukas Slebodnik wrote:
> On (16/10/14 13:04), Orkhan Gasimov wrote:
>> OK, back to FreeIPA - FreeBSD setup.
>> I changed my setup: instead of 2 VMs now I have 4 VMs:
>> 1: DNS server - set up as shown by Rajnesh Kumar Siwal in http://www.youtube.com/watch?v=0SmiwFoHVeI&index=4&list=PLdKXnZQzEG-KmtKq-LelPn5RTKfJig0Wc
>> 2 and 3: IPA server & IPA linux client - set up as shown by Rajnesh Kumar
>> Siwal in http://www.youtube.com/watch?v=_zlcxjkbayk
>> 4: IPA BSD client - set up as described in the post at FreeBSD forums.
>> Results:
>> 1) my IPA linux client interacts fine with the IPA server;
>> 2) my IPA BSD client also interacts with the IPA server: it sees IPA users
>> when issuing "getent passwd" or "getent shadow". (Previously when I used just
>> 2 VMs and no DNS server, that didn't happen.)
>> Problems after I start sssd on the FreeBSD client:
>> 1) I can't ssh into my IPA BSD client either as an IPA user (rsiwal) or local
>> user (root);
>> 2) if I restart my IPA BSD client, I also can't login to it locally as either
>> "root" or "rsiwal". I get totally locked out of the machine.
>> FreeBSD displays some errors on the screen when using:
>> 1) SSH:
>> https://cloud.mail.ru/public/888b415dac43%2Fssh_error_IPA_user_and_root.JPG
>> 2) local login:
>> https://cloud.mail.ru/public/3399c5b67c33%2Flogin_error_root_and_IPA_user.JPG
>> FreeBSD complains about line 19 in /etc/pam.d/system. That line reads:
>> account  required  /usr/local/lib/pam_sss.so ignore unknown user
>                                                ^^^^^^^^^^^^^^^^^^^
>                            it should be one word connected with underscores "_"
> See details in:
>      man pam_sss -> OPTIONS
> It would also be good to use the argument ignore_authinfo_unavail
> in the pam system config, otherwise you will not be able to connect as a local user
> if sssd is down.
> LS
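
An added example, not part of the original messages and not SSSD code: a small Python check for the two problems discussed in this thread, a pam_sss line carrying words that are not pam_sss options (such as the split-up "ignore unknown user") and a required pam_sss line without ignore_authinfo_unavail. The function name, the option list (a subset of those in pam_sss(8)) and the sample file contents are assumptions made for the example; it handles simple one-word control flags only.

```python
# Options documented in pam_sss(8) OPTIONS (subset; assumption of this example).
FLAG_OPTS = {"quiet", "forward_pass", "use_first_pass", "use_authtok",
             "ignore_unknown_user", "ignore_authinfo_unavail"}
VALUE_OPTS = ("retry=", "domains=")  # options written as name=value

# Constructed excerpt modelled on the line quoted in the thread.
SAMPLE = """\
# /etc/pam.d/system (constructed excerpt)
account  required  pam_unix.so
account  required  /usr/local/lib/pam_sss.so ignore unknown user
"""


def lint_pam_sss(text):
    """Return a list of (line_number, message) for suspicious pam_sss lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        # Expected layout: facility control module [options...]
        if len(fields) < 3 or not fields[2].endswith("pam_sss.so"):
            continue
        control, opts = fields[1], fields[3:]
        unknown = [o for o in opts
                   if o not in FLAG_OPTS and not o.startswith(VALUE_OPTS)]
        if unknown:
            findings.append(
                (lineno, "unknown option(s): " + " ".join(unknown)))
        # Per the reply in the thread: without this option a local user
        # cannot log in while sssd is down.
        if (control in ("required", "requisite")
                and "ignore_authinfo_unavail" not in opts):
            findings.append((lineno, "missing ignore_authinfo_unavail"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_pam_sss(SAMPLE):
        print(f"line {lineno}: {message}")
```

Running such a check against a copy of the edited file, while a root session is still open, shows the problem before a reboot or a new login depends on the file.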
