[Freeipa-users] Only one AD user can able to login to IPA server
Ben .T.George
bentech4you at gmail.com
Tue Mar 17 11:23:57 UTC 2015
HI
i have changed like this:
[root at kwtpocpbis01 yum.repos.d]# more /etc/sssd/sssd.conf
[domain/solaris.local]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = solaris.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = kwtpocpbis01.solaris.local
chpass_provider = ipa
ipa_server = kwtpocpbis01.solaris.local
ipa_server_mode = True
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 10
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
debug_level = 5
domains = solaris.local
[nss]
homedir_substring = /home
debug_level = 6
[pam]
debug_level = 10
[sudo]
debug_level = 5
[autofs]
debug_level = 5
[ssh]
debug_level = 5
[pac]
debug_level = 5
[ifp]
but sssd.log looks same.
(Tue Mar 17 14:23:13 2015) [sssd] [ping_check] (0x0100): Service pam
replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging
solaris.local
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging sudo
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
(Tue Mar 17 14:23:23 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service sudo
replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service ssh
replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service pam
replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service
solaris.local replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service pac
replied to ping
(Tue Mar 17 14:23:23 2015) [sssd] [ping_check] (0x0100): Service nss
replied to ping
On Tue, Mar 17, 2015 at 1:27 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Tue, Mar 17, 2015 at 12:57:27PM +0300, Ben .T.George wrote:
> > HI
> >
> > i have enabled debug
> >
> > here is my sssd.conf
> >
> > [root at kwtpocpbis01 ~]# cat /etc/sssd/sssd.conf
> > [domain/solaris.local]
> >
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = solaris.local
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ipa_hostname = kwtpocpbis01.solaris.local
> > chpass_provider = ipa
> > ipa_server = kwtpocpbis01.solaris.local
> > ipa_server_mode = True
> > ldap_tls_cacert = /etc/ipa/ca.crt
>
> Please also add debug_level to this section, not just [sssd] and [nss]
>
>
> > [sssd]
> > services = nss, sudo, pam, ssh
> > config_file_version = 2
> >
> > domains = solaris.local
> > debug_level = 6
> > [nss]
> > homedir_substring = /home
> > debug_level = 6
> >
> > [pam]
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> >
> > [pac]
> >
> > [ifp]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150317/9028e7d7/attachment.htm>
More information about the Freeipa-users
mailing list