[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Lukas Slebodnik lslebodn at redhat.com
Thu Oct 16 09:57:12 UTC 2014


On (16/10/14 13:04), Orkhan Gasimov wrote:
>OK, back to FreeIPA - FreeBSD setup.
>I changed my setup: instead of 2 VMs now I have 4 VMs:
>
>1: DNS server - set up as shown by Rajnesh Kumar Siwal in http://www.youtube.com/watch?v=0SmiwFoHVeI&index=4&list=PLdKXnZQzEG-KmtKq-LelPn5RTKfJig0Wc
>
>2 and 3: IPA server & IPA linux client - set up as shown by Rajnesh Kumar
>Siwal in http://www.youtube.com/watch?v=_zlcxjkbayk
>
>4: IPA BSD client - set up as described in the post at FreeBSD forums.
>
>
>Results:
>
>1) my IPA linux client interacts fine with the IPA server;
>
>2) my IPA BSD client also interacts with the IPA server: it sees IPA users
>when issuing "getent passwd" or "getent shadow". (Previously when I used just
>2 VMs and no DNS server, that didn't happen.)
>
>Problems after I start sssd on the FreeBSD client:
>
>1) I can't ssh into my IPA BSD client either as an IPA user (rsiwal) or local
>user (root);
>
>2) if I restart my IPA BSD client, I also can't log in to it locally as either
>"root" or "rsiwal". I get totally locked out of the machine.
>
>FreeBSD displays some errors on the screen when using:
>
>1) SSH:
>https://cloud.mail.ru/public/888b415dac43%2Fssh_error_IPA_user_and_root.JPG
>
>2) local login:
>https://cloud.mail.ru/public/3399c5b67c33%2Flogin_error_root_and_IPA_user.JPG
>
>FreeBSD complains about line 19 in /etc/pam.d/system. That line reads:
>account  required  /usr/local/lib/pam_sss.so ignore unknown user
                                              ^^^^^^^^^^^^^^^^^^^
                          it should be one word connected with underscores "_"

See details in:
    man pam_sss -> OPTIONS

It would also be good to use the argument ignore_authinfo_unavail
in the PAM system config; otherwise you will not be able to connect as a local
user if sssd is down.

LS
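
Added example, not part of the original message and not SSSD code: a small linter that catches the malformed pam_sss argument quoted above and flags a "required" pam_sss line that lacks ignore_authinfo_unavail. The option list is an assumption taken from pam_sss(8) and should be checked against the installed SSSD version; both sample configs are constructed.

```python
import re

# Options documented in pam_sss(8); verify against the installed man page.
KNOWN_OPTS = {"forward_pass", "use_first_pass", "use_authtok", "quiet",
              "ignore_unknown_user", "ignore_authinfo_unavail"}
KNOWN_KEYED = {"retry", "domains"}  # options written as key=value

# facility, control flag (plain word or [bracketed] form), module path, arguments
LINE_RE = re.compile(r"^\s*-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam(text):
    """Return (line_no, severity, message) findings for pam_sss lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = LINE_RE.match(line)
        if not m or not m.group(3).endswith("pam_sss.so"):
            continue                              # not a pam_sss module line
        _facility, control, _module, rest = m.groups()
        args = rest.split()
        for arg in args:
            key = arg.split("=", 1)[0]
            known = arg in KNOWN_OPTS or ("=" in arg and key in KNOWN_KEYED)
            if not known:
                findings.append((no, "error", f"unknown pam_sss argument {arg!r}"))
        # A required module that cannot reach sssd fails the whole stack.
        if control in ("required", "requisite") and "ignore_authinfo_unavail" not in args:
            findings.append((no, "warning",
                             "required pam_sss without ignore_authinfo_unavail"))
    return findings

# Constructed sample: line 2 reproduces the broken line quoted in the thread.
BROKEN = """\
auth     sufficient  /usr/local/lib/pam_sss.so use_first_pass
account  required    /usr/local/lib/pam_sss.so ignore unknown user
"""
# Constructed sample: the same stack with both corrections applied.
FIXED = """\
auth     sufficient  /usr/local/lib/pam_sss.so use_first_pass
account  required    /usr/local/lib/pam_sss.so ignore_unknown_user ignore_authinfo_unavail
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for no, sev, msg in lint_pam(cfg):
            print(f"{name}:{no}: {sev}: {msg}")
```

Running a check like this against /etc/pam.d/system before restarting sssd or rebooting avoids finding the error only at the login prompt.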



