<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<div>Hi Rob</div><div><br></div><div>[root@rhel5 ~]# ipa-client-install --domain=EXAMPLE.COM --server=rhel6.example.com</div><div>DNS domain 'example.com' is not configured for automatic KDC address lookup.</div><div>KDC address will be set to fixed value.</div><div><br></div><div>Discovery was successful!</div><div>Hostname: rhel6.example.com</div><div>Realm: EXAMPLE.COM</div><div>DNS Domain: EXAMPLE.COM</div><div>IPA Server: rhel6.example.com</div><div>BaseDN: dc=example,dc=com</div><div><br></div><div>Continue to configure the system with these values? [no]: yes</div><div>User authorized to enroll computers: admin</div><div>Synchronizing time with KDC...</div><div>Password for admin@EXAMPLE.COM:</div><div><br></div><div>Enrolled in IPA realm EXAMPLE.COM</div><div>Created /etc/ipa/default.conf</div><div>Configured /etc/sssd/sssd.conf</div><div>Configured /etc/krb5.conf for IPA realm EXAMPLE.COM</div><div>SSSD enabled</div><div><b>Unable to find 'admin' user with 'getent passwd admin'!</b></div><div>Recognized configuration: SSSD</div><div>Changed configuration of /etc/ldap.conf to use hardcoded server name: rhel6.example.com</div><div>NTP enabled</div><div>Client configuration complete.</div><div><br></div><div>/var/log/secure</div><div>May 2 12:31:14 rhel5 sshd[3250]: Invalid user mdavidson from 192.168.1.5</div><div>May 2 12:31:14 rhel5 sshd[3251]: input_userauth_request: invalid user mdavidson</div><div>May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): check pass; user unknown</div><div>May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhel6.example.com</div><div>May 2 12:31:19 rhel5 sshd[3250]: pam_succeed_if(sshd:auth): error retrieving information about user mdavidson</div><div>May 2 12:31:21 rhel5 sshd[3250]: Failed password for invalid user mdavidson from 192.168.1.5 port 52511 ssh2</div><div><br></div><div>/var/log/sssd/ldap_child.log</div><div>(Wed May 2 11:52:08 2012) 
[[sssd[ldap_child[3091]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div>(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3252]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div>(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3253]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div>(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3254]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div>(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3255]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div>(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3256]]]] [ldap_child_get_tgt_sync] (0): Failed to init credentials: Client not found in Kerberos database</div><div><br></div><div>/var/log/sssd/sssd.log</div><div>(Tue May 1 13:53:26 2012) [sssd] [monitor_quit] (0): Monitor received Terminated: terminating children</div><div>(Wed May 2 11:34:59 2012) [sssd] [monitor_quit] (0): Monitor received Terminated: terminating children</div><div><br></div><div>thanks for helping!</div><div>Matt</div><br><div>> Date: Wed, 2 May 2012 11:30:52 -0400<br>> From: rcritten@redhat.com<br>> To: matt@mldserviceslex.com<br>> CC: freeipa-users@redhat.com<br>> Subject: Re: [Freeipa-users] red hat 5 and red hat 6 compatability<br>> <br>> Matthew Davidson wrote:<br>> > To clarify one point.<br>> ><br>> > I used the current redhat documents to set up the two systems.<br>> ><br>> > Red_Hat_Enterprise_Linux-5-Configuring_Identity_Management-en-US<br>> ><br>> > Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US<br>> ><br>> > SSH does not seem to be discussed and that is when I started web surfing<br>> > in an attempt to fix my problem before reaching out for help.<br>> <br>> A host service 
principal is created during enrollment so no additional <br>> work should be needed for SSH to work. The problem you're having is <br>> related to the fact that user lookup services are failing.<br>> <br>> Can you look in /var/log/secure and/or /var/log/sssd/* to see if there <br>> are any errors reported regarding sssd?<br>> <br>> What options did you pass to ipa-client-install?<br>> <br>> rob<br></div> </div></body>
</html>