[Freeipa-users] Client Host isn't picking up the idduseroverrides
Simpson Lachlan
Lachlan.Simpson at petermac.org
Wed Feb 3 23:10:50 UTC 2016
When my users log into the IPA server, the id user over rides work.
But they don't when we log into a client host?
What are we doing wrong?
The overrides are in the "Default Trust View" so should be applied to all hosts.
We are trying to find *why* and *where* this is failing, but without much success.
>From what I've read, this should be controlled by the sssd service on the host, but if we run sssd -I to watch what happens during a failed login or a login that doesn't successfully get the id user over ride applied, we don't see any errors or log entries that would indicate why.
We see this:
[root at vmts-linux1 ~]# /usr/sbin/sssd -i
[sssd[be[unix.example.org]]] [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].
[sssd[be[unix.example.org]]] [krb5_auth_store_creds] (0x0010): password not available, offline auth may not work.
But there isn't anything in any logs that would indicate there's a communication happening between the host and the server that we can see.
We have tried sss_cache -E on the host to clear cache, but we still aren't getting the over rides.
Cheers
L.
This email (including any attachments or links) may contain
confidential and/or legally privileged information and is
intended only to be read or used by the addressee. If you
are not the intended addressee, any use, distribution,
disclosure or copying of this email is strictly
prohibited.
Confidentiality and legal privilege attached to this email
(including any attachments) are not waived or lost by
reason of its mistaken delivery to you.
If you have received this email in error, please delete it
and notify us immediately by telephone or email. Peter
MacCallum Cancer Centre provides no guarantee that this
transmission is free of virus or that it has not been
intercepted or altered and will not be liable for any delay
in its receipt.
More information about the Freeipa-users
mailing list