<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/02/2012 04:59 PM, Steven Bernstein wrote:
<blockquote
cite="mid:CAAVZJarFuH5rBECud8oxb4LS+896gv=nPub4JqrX+87qubRqNQ@mail.gmail.com"
type="cite">Free IPA List peeps,<br>
<br>
I'm looking to set up FreeIPA on a Fedora 14 or 15 server I'm
setting up at home. I came across a reference at one point
dealing with smart cards being associated with the user's that
hold them.<br>
<br>
I can't find the reference at this point and was wondering if
there might be a list on the Wiki or someplace that details the
errors that come back when trying to initialize or register a
smart card with the server?<br>
<br>
</blockquote>
<br>
Smart card support has been on our road map for some time but it is
not implemented yet.<br>
May be you are confusing us with Dogtag project that we leverage for
the certificate management. It supports SC management and
provisioning for end users.<br>
IPA can handle certs for hosts and services only for the the time
being.<br>
<br>
HTH<br>
Dmitri<br>
<br>
<blockquote
cite="mid:CAAVZJarFuH5rBECud8oxb4LS+896gv=nPub4JqrX+87qubRqNQ@mail.gmail.com"
type="cite">Thanks so much!<br>
<br>
Steven<br>
<br>
<div class="gmail_quote">On Wed, May 2, 2012 at 1:57 PM, <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:freeipa-users-request@redhat.com"
target="_blank">freeipa-users-request@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">Send Freeipa-users mailing list
submissions to<br>
<a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a moz-do-not-send="true"
href="mailto:freeipa-users-request@redhat.com">freeipa-users-request@redhat.com</a><br>
<br>
You can reach the person managing the list at<br>
<a moz-do-not-send="true"
href="mailto:freeipa-users-owner@redhat.com">freeipa-users-owner@redhat.com</a><br>
<br>
When replying, please edit your Subject line so it is more
specific<br>
than "Re: Contents of Freeipa-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: red hat 5 and red hat 6 compatability (Matthew
Davidson)<br>
2. Re: red hat 5 and red hat 6 compatability (Dmitri Pal)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 2 May 2012 14:50:06 -0400<br>
From: Matthew Davidson <<a moz-do-not-send="true"
href="mailto:matt@mldserviceslex.com">matt@mldserviceslex.com</a>><br>
To: <<a moz-do-not-send="true"
href="mailto:dpal@redhat.com">dpal@redhat.com</a>>, <<a
moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>><br>
Subject: Re: [Freeipa-users] red hat 5 and red hat 6
compatability<br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:SNT104-W395AFEBCC767D220CA34AAA32E0@phx.gbl"><SNT104-W395AFEBCC767D220CA34AAA32E0@phx.gbl></a><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
Dmitri,1) Do you have admin account on IPA side?<br>
Yes. And judging by the command below admin does log in, or am
I mistaken?<br>
[root@rhel5 ~]# kinit adminPassword for <a
moz-do-not-send="true" href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>:<br>
[root@rhel5 ~]# klistTicket cache: <a class="moz-txt-link-freetext" href="FILE:/tmp/krb5cc_0Default">FILE:/tmp/krb5cc_0Default</a>
principal: <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a><br>
Valid starting Expires Service
principal05/02/12 14:47:40 05/03/12 14:47:36 krbtgt/<a
moz-do-not-send="true" href="mailto:EXAMPLE.COM@EXAMPLE.COM">EXAMPLE.COM@EXAMPLE.COM</a><br>
Kerberos 4 ticket cache: /tmp/tkt0klist: You have no tickets
cached<br>
2) Is there a firewall between client and server? Is LDAP and
LDAPS allowed via the FW?<br>
No firewall. shut those down at the first sign of trouble.<br>
<br>
ThanksMatt<br>
Date: Wed, 2 May 2012 13:51:15 -0400<br>
From: <a moz-do-not-send="true" href="mailto:dpal@redhat.com">dpal@redhat.com</a><br>
To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: Re: [Freeipa-users] red hat 5 and red hat 6
compatability<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 05/02/2012 12:43 PM, Matthew Davidson wrote:<br>
<br>
<br>
<br>
Hi Rob<br>
<br>
<br>
<br>
[root@rhel5 ~]# ipa-client-install --domain=<a
moz-do-not-send="true" href="http://EXAMPLE.COM"
target="_blank">EXAMPLE.COM</a><br>
--server=<a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
DNS domain '<a moz-do-not-send="true"
href="http://example.com" target="_blank">example.com</a>'
is not configured for automatic<br>
KDC address lookup.<br>
KDC address will be set to fixed value.<br>
<br>
<br>
<br>
Discovery was successful!<br>
Hostname: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
Realm: <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
DNS Domain: <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
IPA Server: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
BaseDN: dc=example,dc=com<br>
<br>
<br>
<br>
Continue to configure the system with these values?
[no]:<br>
yes<br>
User authorized to enroll computers: admin<br>
Synchronizing time with KDC...<br>
Password for <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>:<br>
<br>
<br>
<br>
Enrolled in IPA realm <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
Created /etc/ipa/default.conf<br>
Configured /etc/sssd/sssd.conf<br>
Configured /etc/krb5.conf for IPA realm <a
moz-do-not-send="true" href="http://EXAMPLE.COM"
target="_blank">EXAMPLE.COM</a><br>
SSSD enabled<br>
Unable to find 'admin' user with 'getent passwd admin'!<br>
<br>
<br>
<br>
<br>
1) Do you have admin account on IPA side?<br>
<br>
2) Is there a firewall between client and server? Is LDAP
and LDAPS<br>
allowed via the FW?<br>
<br>
<br>
<br>
<br>
<br>
Recognized configuration: SSSD<br>
Changed configuration of /etc/ldap.conf to use
hardcoded<br>
server name: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
NTP enabled<br>
Client configuration complete.<br>
<br>
<br>
<br>
/var/log/secure<br>
May 2 12:31:14 rhel5 sshd[3250]: Invalid user
mdavidson<br>
from 192.168.1.5<br>
May 2 12:31:14 rhel5 sshd[3251]:
input_userauth_request:<br>
invalid user mdavidson<br>
May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth):<br>
check pass; user unknown<br>
May 2 12:31:19 rhel5 sshd[3250]: pam_unix(sshd:auth):<br>
authentication failure; logname= uid=0 euid=0 tty=ssh
ruser=<br>
rhost=<a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
May 2 12:31:19 rhel5 sshd[3250]:<br>
pam_succeed_if(sshd:auth): error retrieving
information about<br>
user mdavidson<br>
May 2 12:31:21 rhel5 sshd[3250]: Failed password for<br>
invalid user mdavidson from 192.168.1.5 port 52511
ssh2<br>
<br>
<br>
<br>
/var/log/sssd/ldap_child.log<br>
(Wed May 2 11:52:08 2012) [[sssd[ldap_child[3091]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3252]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3253]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3254]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3255]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
(Wed May 2 12:31:14 2012) [[sssd[ldap_child[3256]]]]<br>
[ldap_child_get_tgt_sync] (0): Failed to init
credentials:<br>
Client not found in Kerberos database<br>
<br>
<br>
<br>
/var/log/sssd/sssd.log<br>
(Tue May 1 13:53:26 2012) [sssd] [monitor_quit] (0):<br>
Monitor received Terminated: terminating children<br>
(Wed May 2 11:34:59 2012) [sssd] [monitor_quit] (0):<br>
Monitor received Terminated: terminating children<br>
<br>
<br>
<br>
thanks for helping!<br>
Matt<br>
<br>
<br>
> Date: Wed, 2 May 2012 11:30:52 -0400<br>
<br>
> From: <a moz-do-not-send="true"
href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
<br>
> To: <a moz-do-not-send="true"
href="mailto:matt@mldserviceslex.com">matt@mldserviceslex.com</a><br>
<br>
> CC: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<br>
> Subject: Re: [Freeipa-users] red hat 5 and red
hat 6<br>
compatability<br>
<br>
><br>
<br>
> Matthew Davidson wrote:<br>
<br>
> > To clarify one point.<br>
<br>
> ><br>
<br>
> > I used the current redhat documents to
setup the two<br>
systems.<br>
<br>
> ><br>
<br>
> ><br>
Red_Hat_Enterprise_Linux-5-Configuring_Identity_Management-en-US<br>
<br>
> ><br>
<br>
> ><br>
Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US<br>
<br>
> ><br>
<br>
> > SSH does not seem to be discussed and that
is when I<br>
started web surfing<br>
<br>
> > in an attempt to fix my problem before
reaching out<br>
for help.<br>
<br>
><br>
<br>
> A host service principal is created during
enrollment so<br>
no additional<br>
<br>
> work should be needed for SSH to work. The
problem you're<br>
having is<br>
<br>
> related to the fact that user lookup services
are<br>
failing.<br>
<br>
><br>
<br>
> Can you look in /var/log/secure and/or
/var/log/sssd/* to<br>
see if there<br>
<br>
> are any errors reported regarding sssd?<br>
<br>
><br>
<br>
> What options did you pass to ipa-client-install?<br>
<br>
><br>
<br>
> rob<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
<br>
<br>
<br>
<br>
--<br>
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager IPA project,<br>
Red Hat Inc.<br>
<br>
<br>
-------------------------------<br>
Looking to carve out IT costs?<br>
<a moz-do-not-send="true"
href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/attachments/20120502/51a0eaec/attachment.html"
target="_blank">https://www.redhat.com/archives/freeipa-users/attachments/20120502/51a0eaec/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 02 May 2012 14:57:24 -0400<br>
From: Dmitri Pal <<a moz-do-not-send="true"
href="mailto:dpal@redhat.com">dpal@redhat.com</a>><br>
To: Matthew Davidson <<a moz-do-not-send="true"
href="mailto:matt@mldserviceslex.com">matt@mldserviceslex.com</a>><br>
Cc: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: Re: [Freeipa-users] red hat 5 and red hat 6
compatability<br>
Message-ID: <<a moz-do-not-send="true"
href="mailto:4FA18394.7080507@redhat.com">4FA18394.7080507@redhat.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
On 05/02/2012 02:50 PM, Matthew Davidson wrote:<br>
> Dmitri,<br>
> 1) Do you have admin account on IPA side?<br>
><br>
> Yes. And judging by the command below admin does log in,
or am I mistaken?<br>
><br>
> [root@rhel5 ~]# kinit admin<br>
> Password for <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>:<br>
><br>
> [root@rhel5 ~]# klist<br>
> Ticket cache: <a class="moz-txt-link-freetext" href="FILE:/tmp/krb5cc_0">FILE:/tmp/krb5cc_0</a><br>
> Default principal: <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a><br>
><br>
> Valid starting Expires Service principal<br>
> 05/02/12 14:47:40 05/03/12 14:47:36 krbtgt/<a
moz-do-not-send="true" href="mailto:EXAMPLE.COM@EXAMPLE.COM">EXAMPLE.COM@EXAMPLE.COM</a><br>
><br>
> Kerberos 4 ticket cache: /tmp/tkt0<br>
> klist: You have no tickets cached<br>
><br>
<br>
Is this from the client or from the server? I bet on the
server.<br>
Rob might be right that the client fails to find the right<br>
authentication server due to the DNS configuration.<br>
<br>
> 2) Is there a firewall between client and server? Is LDAP
and LDAPS<br>
> allowed via the FW?<br>
><br>
> No firewall. shut those down at the first sign of
trouble.<br>
><br>
> Thanks<br>
> Matt<br>
><br>
>
------------------------------------------------------------------------<br>
> Date: Wed, 2 May 2012 13:51:15 -0400<br>
> From: <a moz-do-not-send="true"
href="mailto:dpal@redhat.com">dpal@redhat.com</a><br>
> To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
> Subject: Re: [Freeipa-users] red hat 5 and red hat 6
compatability<br>
><br>
> On 05/02/2012 12:43 PM, Matthew Davidson wrote:<br>
><br>
> Hi Rob<br>
><br>
> [root@rhel5 ~]# ipa-client-install --domain=<a
moz-do-not-send="true" href="http://EXAMPLE.COM"
target="_blank">EXAMPLE.COM</a><br>
> --server=<a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
> DNS domain '<a moz-do-not-send="true"
href="http://example.com" target="_blank">example.com</a>'
is not configured for automatic KDC<br>
> address lookup.<br>
> KDC address will be set to fixed value.<br>
><br>
> Discovery was successful!<br>
> Hostname: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
> Realm: <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
> DNS Domain: <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
> IPA Server: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
> BaseDN: dc=example,dc=com<br>
><br>
> Continue to configure the system with these values?
[no]: yes<br>
> User authorized to enroll computers: admin<br>
> Synchronizing time with KDC...<br>
> Password for <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>:
<mailto:<a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>:><br>
><br>
> Enrolled in IPA realm <a moz-do-not-send="true"
href="http://EXAMPLE.COM" target="_blank">EXAMPLE.COM</a><br>
> Created /etc/ipa/default.conf<br>
> Configured /etc/sssd/sssd.conf<br>
> Configured /etc/krb5.conf for IPA realm <a
moz-do-not-send="true" href="http://EXAMPLE.COM"
target="_blank">EXAMPLE.COM</a><br>
> SSSD enabled<br>
> *Unable to find 'admin' user with 'getent passwd
admin'!*<br>
><br>
><br>
> 1) Do you have admin account on IPA side?<br>
> 2) Is there a firewall between client and server? Is LDAP
and LDAPS<br>
> allowed via the FW?<br>
><br>
> Recognized configuration: SSSD<br>
> Changed configuration of /etc/ldap.conf to use
hardcoded server<br>
> name: <a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
> NTP enabled<br>
> Client configuration complete.<br>
><br>
> /var/log/secure<br>
> May 2 12:31:14 rhel5 sshd[3250]: Invalid user
mdavidson from<br>
> 192.168.1.5<br>
> May 2 12:31:14 rhel5 sshd[3251]:
input_userauth_request: invalid<br>
> user mdavidson<br>
> May 2 12:31:19 rhel5 sshd[3250]:
pam_unix(sshd:auth): check pass;<br>
> user unknown<br>
> May 2 12:31:19 rhel5 sshd[3250]:
pam_unix(sshd:auth):<br>
> authentication failure; logname= uid=0 euid=0 tty=ssh
ruser=<br>
> rhost=<a moz-do-not-send="true"
href="http://rhel6.example.com" target="_blank">rhel6.example.com</a><br>
> May 2 12:31:19 rhel5 sshd[3250]:
pam_succeed_if(sshd:auth): error<br>
> retrieving information about user mdavidson<br>
> May 2 12:31:21 rhel5 sshd[3250]: Failed password for
invalid user<br>
> mdavidson from 192.168.1.5 port 52511 ssh2<br>
><br>
> /var/log/sssd/ldap_child.log<br>
> (Wed May 2 11:52:08 2012) [[sssd[ldap_child[3091]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
> (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3252]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
> (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3253]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
> (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3254]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
> (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3255]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
> (Wed May 2 12:31:14 2012) [[sssd[ldap_child[3256]]]]<br>
> [ldap_child_get_tgt_sync] (0): Failed to init
credentials: Client<br>
> not found in Kerberos database<br>
><br>
> /var/log/sssd/sssd.log<br>
> (Tue May 1 13:53:26 2012) [sssd] [monitor_quit] (0):
Monitor<br>
> received Terminated: terminating children<br>
> (Wed May 2 11:34:59 2012) [sssd] [monitor_quit] (0):
Monitor<br>
> received Terminated: terminating children<br>
><br>
> thanks for helping!<br>
> Matt<br>
><br>
> > Date: Wed, 2 May 2012 11:30:52 -0400<br>
> > From: <a moz-do-not-send="true"
href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> > To: <a moz-do-not-send="true"
href="mailto:matt@mldserviceslex.com">matt@mldserviceslex.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:matt@mldserviceslex.com">matt@mldserviceslex.com</a>><br>
> > CC: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>><br>
> > Subject: Re: [Freeipa-users] red hat 5 and red
hat 6 compatability<br>
> ><br>
> > Matthew Davidson wrote:<br>
> > > To clarify one point.<br>
> > ><br>
> > > I used the current redhat documents to
setup the two systems.<br>
> > ><br>
> > >
Red_Hat_Enterprise_Linux-5-Configuring_Identity_Management-en-US<br>
> > ><br>
> > >
Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US<br>
> > ><br>
> > > SSH does not seem to be discussed and that
is when I started<br>
> web surfing<br>
> > > in an attempt to fix my problem before
reaching out for help.<br>
> ><br>
> > A host service principal is created during
enrollment so no<br>
> additional<br>
> > work should be needed for SSH to work. The
problem you're having is<br>
> > related to the fact that user lookup services
are failing.<br>
> ><br>
> > Can you look in /var/log/secure and/or
/var/log/sssd/* to see if<br>
> there<br>
> > are any errors reported regarding sssd?<br>
> ><br>
> > What options did you pass to ipa-client-install?<br>
> ><br>
> > rob<br>
><br>
><br>
> _______________________________________________<br>
> Freeipa-users mailing list<br>
> <a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>><br>
> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
><br>
><br>
><br>
> --<br>
> Thank you,<br>
> Dmitri Pal<br>
><br>
> Sr. Engineering Manager IPA project,<br>
> Red Hat Inc.<br>
><br>
><br>
> -------------------------------<br>
> Looking to carve out IT costs?<br>
> <a moz-do-not-send="true"
href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
<<a moz-do-not-send="true"
href="http://www.redhat.com/carveoutcosts/" target="_blank">http://www.redhat.com/carveoutcosts/</a>><br>
><br>
><br>
><br>
> _______________________________________________
Freeipa-users mailing<br>
> list <a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
<br>
--<br>
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager IPA project,<br>
Red Hat Inc.<br>
<br>
<br>
-------------------------------<br>
Looking to carve out IT costs?<br>
<a moz-do-not-send="true"
href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a><br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/attachments/20120502/cea8af43/attachment.html"
target="_blank">https://www.redhat.com/archives/freeipa-users/attachments/20120502/cea8af43/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
End of Freeipa-users Digest, Vol 46, Issue 10<br>
*********************************************<br>
</blockquote>
</div>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>