[Freeipa-users] IPA versions for small scale hope-to-be-production use on CentOS 7?
List dedicated to discussions about use, configuration and deployment of the IPA server.
freeipa-users at redhat.com
Tue Dec 6 16:14:00 UTC 2016
On Tue, Dec 06, 2016 at 10:55:12AM -0500, List dedicated to discussions about use, configuration and deployment of the IPA server. wrote:
>
> Still trying to figure out why my AD users in various trusted forests can be
> resolved and "su - <username>" but password checks via SSH logins fail.
Do you call 'su - <username>' as root or do you get a password prompt
here as well. In case you do it as root, can you try if calling it as
a user will accept the password or not?
In the latter case it might be some general issue with password
authentication and the krb5_child.log file with debug_level=10 in the
[domain/...] section of sssd.conf might help to find the reason (maybe
ticket validation?).
bye,
Sumit
>
> In the mean time I'm wondering if I should consider upgrading before I go
> much further into the troubleshooting tunnel. It really does seem like there
> has been a ton of action in the codebase specifically relating to AD trusts.
> Maybe I should upgrade first and then keep troubleshooting on the updated
> software. We are not yet in production.
>
> We have a standard CentOS 7 server running this software set:
>
> > ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
> > ipa-server-dns-4.2.0-15.0.1.el7.centos.19.x86_64
> > python-iniparse-0.4-9.el7.noarch
> > sssd-ipa-1.13.0-40.el7_2.12.x86_64
> > ipa-python-4.2.0-15.0.1.el7.centos.19.x86_64
> > ipa-client-4.2.0-15.0.1.el7.centos.19.x86_64
> > ipa-admintools-4.2.0-15.0.1.el7.centos.19.x86_64
> > ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.19.x86_64
> > python-libipa_hbac-1.13.0-40.el7_2.12.x86_64
> > libipa_hbac-1.13.0-40.el7_2.12.x86_64
>
> Would people generally recommend stepping up to the stable 4.3 release on
> CentOS 7? If so are there any repositories that would be a good source for
> grabbing RPMs? Is 4.4 still not being recommended for production use?
>
> Thanks!
>
> Chris
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list