[Freeipa-users] connection problems after reboot with unusual setting (Ubuntu 14.04 + freeipa docker)

Jan Pazdziora jpazdziora at redhat.com
Mon Nov 23 09:58:22 UTC 2015


On Fri, Nov 20, 2015 at 04:44:38PM +0100, Karl Forner wrote:
> 
> My server runs Ubuntu 14.04 and uses sssd 1.12.5-1~trusty1.
> The freeipa server runs inside a docker (an adelton/freeipa-server), and
> the docker host pretends to be the freeIPA server by forwarding the
> appropriate ports.

Is the Docker host the same machine that runs that sssd
1.12.5-1~trusty1 and that you try to ssh to?

Assuming it's the same machine, when you IPA-enrolled the host
machine, was Docker container's internal (172.*) IP address used or
the public interface of the host?

> I'm unable to connect using ssh onto it, using any kind of local or freeIPA
> accounts onto it.

What does ssh -v root@the-host say? Do you fail to connect or do you
fail to authenticate? How do you try to authenticate -- Kerberos ticket
(kinit on client) or using password on sshd prompt?

> The DNS server (provided by freeIPA) works fine though (i.e. nslookup
> server server works).

And does it return the correct IP address, the public address of the
host?

> Fortunately, I have the monit web app running on the server that allows to
> restart the ssh service.
> 
> After restarting ssh remotely, I am now able to connect to the server.
> It seems that all works fine again once I restart sssd on the server.

Do you restart the sshd service, sssd service, or both?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



