[Freeipa-users] AD users can't login to IPA client

Alexander K akor72 at gmail.com
Wed Sep 21 12:43:29 UTC 2016 

Hello,

I'm having troubles with AD users authentication on IPA client.
I have 3 VMs in my test inveronment:
win-dc.windc.local 10.1.97.122 - AD DC server 2012R2
fedora-dc.demo.loc 10.1.97.120 - fedora 24 + FreeIPA
wks.demo.loc 10.1.97.121 - IPA client

I have done IPA AD trust setup
https://www.freeipa.org/page/Active_Directory_trust_setup

AD user can access IPA server:
login as: Administrator at windc.local
Administrator at windc.local@10.1.97.120's password:
Last login: Wed Sep 21 13:59:36 2016 from 192.168.70.26
Could not chdir to home directory /home/windc.local/administrator: No such
file or directory
-sh-4.3$

IPA user can login IPA client:
login as: admin
admin at 10.1.97.121's password:
Last login: Wed Sep 21 16:12:31 2016 from 192.168.70.26
[admin at wks ~]$


But AD user can't access IPA client:
login as: Administrator at windc.local
Administrator at windc.local@10.1.97.121's password:
Access denied

On another hand, ID works correct for AD users:
[root at wks ~]# id Administrator at windc.local
uid=429000500(administrator at windc.local)
gid=429000500(administrator at windc.local)
groups=429000500(administrator at windc.local),429000520(group policy creator
owners at windc.local),429000519(enterprise admins at windc.local),429000513(domain
users at windc.local),429000518(schema admins at windc.local),429000512(domain
admins at windc.local)

I have attached logs
(Last login time is 17:29-17:30)


Any help would be appreciated!


-- 
Best regards,
Alexander K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/cd02c6e6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd_nss.log
Type: application/octet-stream
Size: 177799 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/cd02c6e6/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd_demo.loc.log
Type: application/octet-stream
Size: 971133 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/cd02c6e6/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd_pam.log
Type: application/octet-stream
Size: 293364 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/cd02c6e6/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5_child.log
Type: application/octet-stream
Size: 94982 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160921/cd02c6e6/attachment-0003.obj>

More information about the Freeipa-users mailing list