[Freeipa-users] getent passwd / group

Dmitri Pal dpal at redhat.com
Tue Oct 28 00:32:02 UTC 2014 

On 10/27/2014 07:38 PM, Craig White wrote:
>
> RHEL 6.5 -- new install
>
> ipa-server-3.0.0-42.el6.x86_64
>
> 389-ds-base-1.2.11.15-47.el6.x86_64
>
> On the master, I get nothing
>
> [root at ipa001 log]# getent passwd admin
>
> [root at ipa001 log]#
>
> But it works on the replica as expected
>
> [root at ipa002nadev01 ~]# getent passwd admin
>
> admin:*:1140000000:1110000000:Administrator:/home/admin:/bin/bash
>
> I am used to using PADL / NSSWITCH with OpenLDAP and I am rather 
> surprised that on both, 'getent passwd' and 'getent group' return only 
> entries from local files but then again, I've never used sssd before.
>
> Partial from /etc/sssd/sssd.conf
>
> [domain/stt.local]
>
> cache_credentials = True
>
> krb5_store_password_if_offline = True
>
> ipa_domain = stt.local
>
> id_provider = ipa
>
> auth_provider = ipa
>
> access_provider = ipa
>
> ipa_hostname = ipa001nadev01.stt.local
>
> chpass_provider = ipa
>
> ipa_server = ipa001nadev01.stt.local
>
> ldap_tls_cacert = /etc/ipa/ca.crt
>
> [sssd]
>
> services = nss, sudo, pam, ssh
>
> config_file_version = 2
>
> domains = stt.local
>
> debug_level = 6
>
> Shouldn't I be seeing both local files and IPA defined users with 
> 'getent passwd' and IPA defined users with 'getent group' commands?
>
> What could cause 'getent passwd admin' not to work on the master 
> server now when I know I tested it when I first set it up and it 
> worked?  I have done little more than import users and groups from 
> OpenLDAP and configure HBAC, sudo stuff in the IPA web UI.
>

Please check on master:
1. Installation logs. Client on the server is installed last and may be 
there is something that went wrong at this stage but the rest of the 
server is OK.
2. DNS. Can you resolve the host properly?
3. Firewall. Can you kinit admin or or do an ldap search?


> Craig White
>
> System Administrator
>
> O623-201-8179 M602-377-9752
>
> cid:image001.png at 01CF86FE.42D51630
>
> SkyTouch Technology 4225 E. Windrose Dr.     Phoenix, AZ 85032
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141027/1aa7cb3b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7660 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141027/1aa7cb3b/attachment.png>

More information about the Freeipa-users mailing list