[Freeipa-users] Invalid UID in persistent keyring name while getting default cache. on OEL 7.1
Christopher Lamb
christopher.lamb at ch.ibm.com
Wed Nov 18 15:34:39 UTC 2015
I have a newly installed OEL 7.1 server (7.0 DVD, then yum updated to 7.1)
The ipa-client is installed, making this server an ipa host.
> getent passwd xxxx
is successful for ipa users. -->OK
However I cannot log on to the host with ipa users (direct or ssh). -->NOT
OK
When logged on as root (local user), I can “su -“ to my ipa user. -->OK
"> systemctl status sssd" and "> kinit"
both show:
“Invalid UID in persistent keyring name while getting default cache.”
Having googled with this error, I saw some indications that it could be
related to the kernel.
https://bugzilla.redhat.com/show_bug.cgi?id=1017683
https://bugzilla.redhat.com/show_bug.cgi?id=1029110
For a fresh OEL install, the default kernel is the uek version. "Aha" I
thought, let’s change back to the standard RHEL kernel.
After a reboot with the RHEL kernel, I was still not able to log in with my
ipa user.
I then logged on as root, and changed to my ipa user via su.
> klist -l
produced:
KEYRING:persistent:93397:krb_cache_76B9lf2 (Expired)
I therefore deleted the key:
> kdestroy -A
Then I stopped the sssd service, and cleared the cache in /var/lib/sss/db/,
then restarted sssd
After that I was now able to log on with my ipa user (both direct and via
ssh).
However I cannot get any other ipa users to logon to this host! --> NOT OK
The same users can successfully logon to other ipa hosts in the same
domain.
My ipa user was the one used to enroll the host.
Any ideas?
sssd version = 1.12.2 58.el7_1.18
ipa-client version = 4.1.0 18.0.1.el7_1.4
kernels:
Oracle Linux Server, with Unbreakable Enterprise Kernel
3.8.13-98.5.2.el7uek.x86_64
Oracle Linux Server, with Linux 3.10.0-229.20.1.el7.x86_64
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151118/c655e0cd/attachment.htm>
More information about the Freeipa-users
mailing list