On to, 14 syys 2017, Rob Crittenden via FreeIPA-users wrote:
Louis Abel via FreeIPA-users wrote:
I should probably mention that IPA users have started working. But not my AD
users.
[root@rhn2 tmp]# ssh -l louis.ab...@ipa.example.com devu16 -q
Password:
Last login: Thu Sep 14 07:57:55 2017 from rhn2.example.com
Could not chdir to home directory /home/louis.abel2: No such file or directory
Oracle Corporation SunOS 5.11 11.3 June 2017
-bash-4.4$ logout
[root@rhn2 tmp]# ssh -l louis.a...@ad.example.com devu16 -q
Password:
Password:
AD users seem to be suffering from the same errors:
libsldap: Status: 53 Mesg: openConnection: simple bind failed - DSA is
unwilling to perform
libsldap: Status: 49 Mesg: openConnection: simple bind failed - Invalid
credentials
Not sure why some users would work and some wouldn't but I'd suspect the
bind password in your ldapclient config.
Another thing is that compat tree wasn't actually designed to have IPA
users addressed as fully-qualified ones. E.g.
louis.ab...@ipa.example.com is wrong, it was expected to be louis.abel2.
Using fqdn user name for IPA user causes some troubles to slapi-nis code
because it forces it to go through SSSD instead of relying on the LDAP
state.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
