[Freeipa-users] ipa-client-install failure

Rob Crittenden rcritten at redhat.com
Sat Mar 21 16:26:42 UTC 2015


Roberto Cornacchia wrote:
> Hi Rob,
> 
> Yes, sssd is running and this is sssd.conf:
> 
> [domain/hq.example.com]
> debug_level=9
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = hq.example.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = meson.hq.example.com
> chpass_provider = ipa
> ipa_server = _srv_, ipa.hq.example.com
> ldap_tls_cacert = /etc/ipa/ca.crt
> [sssd]
> services = nss, sudo, pam, ssh
> config_file_version = 2
> 
> domains = hq.example.com
> [nss]
> homedir_substring = /home
> debug_level=9
> 
> [pam]
> 
> [sudo]
> 
> [autofs]
> 
> [ssh]
> 
> [pac]
> 
> [ifp]

Ok, that's good. Maybe authconfig didn't do the right thing. I'd add sss
to these values in /etc/nsswitch.conf, grepp'd from mine:

passwd:     files sss
shadow:     files sss
group:      files sss
services:   files sss
netgroup:   files sss
automount:  files sss
sudoers:    sss

You've got quite a mix of odd things happening during install. It seems
like DNS and firewall can be ruled out given that lots of other
operations are working fine, and you've confirmed that NTP works
pre-install.

I guess working on a cleanish system, the things I'd look for on both
client and server are the system logs to see if any errors are being
thrown to syslog or service-specific logs.

And I'd check for SELinux errors on the client if you're in enforcing mode.

rob
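
The nsswitch.conf check suggested in the reply above, as an added example that is not part of the original message: it reports which of the listed databases do not name `sss` as a source. The function name `missing_sss` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Databases from the reply above that should list the sss source.
WANT="passwd shadow group services netgroup automount sudoers"

# missing_sss [FILE]: print, space-separated, each wanted database whose
# entry in FILE (default /etc/nsswitch.conf) is absent or lacks sss.
missing_sss() {
    awk -v want="$WANT" '
        {
            sub(/#.*/, "")                       # drop comments
            c = index($0, ":")
            if (c == 0) next                     # not a database line
            db = substr($0, 1, c - 1)
            gsub(/[ \t]/, "", db)
            n = split(substr($0, c + 1), src, /[ \t]+/)
            for (j = 1; j <= n; j++)
                if (src[j] == "sss") has[db] = 1
        }
        END {
            n = split(want, w, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!has[w[i]]) out = out (out == "" ? "" : " ") w[i]
            print out
        }' "${1:-/etc/nsswitch.conf}"
}

# Constructed sample: services and sudoers lack sss, and the only
# netgroup line that names sss is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files sss
shadow:     files sss
group:      files sss   # trailing comment
services:   files
#netgroup:  files sss
netgroup:   nisplus
automount:  files sss
sudoers:    files
EOF
missing_sss "$sample"
rm -f "$sample"
```

Called with no argument on the client, `missing_sss` reads `/etc/nsswitch.conf`; empty output means every listed database already includes `sss`.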



