[Freeipa-users] ipa-client password authentication failed

Rakesh Rajasekharan rakesh.rajasekharan at gmail.com
Thu Apr 28 09:13:25 UTC 2016


Somehow, I am no longer facing this issue. The only change I made was to
correct the /etc/openldap/ldap.conf file to point to the IPA master DNS
rather than the older LDAP DNS.
The file had "#File modified by ipa-client-install" but it did not change
the LDAP DNS and still pointed to the older entry. I just corrected it and
restarted sssd.

It did not work initially after the change; however, I am no longer
facing that issue now. Maybe it was a caching issue.

Thanks,
Rakesh

On Sun, Apr 24, 2016 at 5:01 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

>
> > On 22 Apr 2016, at 19:21, Rakesh Rajasekharan <
> rakesh.rajasekharan at gmail.com> wrote:
> >
> > Hi Jakub
> >
> >
> > the child only had that much info..
> >
> > from the domain logs. it looks that it was able to resolve the master .
> However, the ldap results say found nothing.
> >
> > I was earlier running an openldap client on this host and then migrated
> to IPA.
> >
> > /etc/openldap/ldap.conf  was still pointing to the older ldap master..
> >
> > #File modified by ipa-client-install
> >
> > URI ldaps://older-ldap-master.com:636/
> > BASE dc=xyz,dc=com
> > TLS_CACERT /etc/ipa/ca.crt
> >
> > TLS_CACERTDIR /etc/openldap/cacerts]
> >
> > I corrected that to point to IPA and noticed that getent passwd now
> successfully lists all the users.
> > However, the authentication does not work yet. ( ldapsearch -x though
> shows all the users ).
> >
> > I re-tested it now...
> > below is the domain log
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): start
> ldb transaction (nesting: 3)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added
> timed event "ltdb_callback": 0x118fab0
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added
> timed event "ltdb_timeout": 0x11925f0
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running
> timer event 0x118fab0 "ltdb_callback"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000):
> Destroying timer event 0x11925f0 "ltdb_timeout"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending
> timer event 0x118fab0 "ltdb_callback"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): cancel
> ldb transaction (nesting: 3)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit
> ldb transaction (nesting: 2)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit
> ldb transaction (nesting: 1)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_save_users]
> (0x4000): User 0 processed!
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit
> ldb transaction (nesting: 0)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_users_done]
> (0x4000): Saving 1 Users - Done
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added
> timed event "ltdb_callback": 0x118fd20
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added
> timed event "ltdb_timeout": 0x1182770
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running
> timer event 0x118fd20 "ltdb_callback"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000):
> Destroying timer event 0x1182770 "ltdb_timeout"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending
> timer event 0x118fd20 "ltdb_callback"
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]]
> [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
> view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8
> c7e86dc-0536-11e6-94f8-0e49bd988575))].
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_print_server]
> (0x2000): Searching 10.0.4.175
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))][cn=Default
> Trust View,cn=views,cn=accounts,dc=xyz,dc=com].
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 105
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result]
> (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810],
> ldap[0x1164b30]
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result]
> (0x2000): Trace: ldap_result found nothing!
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result]
> (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30
> >
>
> This log snippet is again completely unrelated to login. It just says
> there are no overrides applicable for this user. Please run:
>
> date; ssh $user@$host; date;
>
> and attach all logs between the two date outputs.
>
>
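
Added example, not part of the original thread: a Python helper for the `date; ssh $user@$host; date;` step quoted above, which cuts an SSSD domain log down to the records stamped between the two `date` outputs and re-joins wrapped lines. The function names, the constructed sample lines, and the assumption that `date` and the log use the same local time zone are assumptions of this example.

```python
import re
from datetime import datetime

# Record header as seen in the thread:
# (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [func] (0x4000): message
LINE_RE = re.compile(r"^\((?P<ts>[^)]+)\) \[.+?\] \[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): ")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_ts(text):
    """Parse an SSSD log timestamp or `date` output (a zone name is ignored)."""
    tok = text.split()                      # dow mon day clock [zone] year
    h, m, s = (int(x) for x in tok[3].split(":")[:3])
    return datetime(int(tok[-1]), MONTHS[tok[1]], int(tok[2]), h, m, s)

def login_window(lines, start, end, skip_funcs=()):
    """Return records stamped within [start, end], re-joining wrapped lines."""
    lo, hi = parse_ts(start), parse_ts(end)
    out, keep = [], False
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m:                               # a new record starts here
            keep = lo <= parse_ts(m["ts"]) <= hi and m["func"] not in skip_funcs
            if keep:
                out.append(line)
        elif keep and line.strip():         # continuation of a wrapped record
            out[-1] += " " + line.strip()
    return out

# Constructed sample in the format of the log quoted in the thread.
SAMPLE = """\
(Fri Apr 22 16:57:19 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(objectClass=ipaOverrideAnchor)][cn=Default Trust View,cn=views,cn=accounts,dc=xyz,dc=com].
(Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Fri Apr 22 16:57:25 2016) [sssd[be[xyz.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
""".splitlines()

if __name__ == "__main__":
    for rec in login_window(SAMPLE, "Fri Apr 22 16:57:20 UTC 2016",
                            "Fri Apr 22 16:57:22 UTC 2016"):
        print(rec)
```

`skip_funcs=("ldb",)` hides the ldb transaction trace for local reading; the default keeps every record in the window, which is what the reply asks to have attached.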