Hi, No probs in Ubuntu 22.04.1 thats for shore. Ever tired with real thing?
SH On 25/08/2022 07:41, Ranbir via FreeIPA-users wrote:
Hello All, Has anyone successfully enrolled an Ubuntu 22 client into an AlmaLinux 9 IdM or Rocky Linux 9 IdM domain in a trust with AD _and_ managed to have consistently fast and reliable logins into that Ubuntu 22 client with AD users? I sure haven't. I have been smashing my head into a wall trying to get stupid Ubuntu 22 to work. After enabling debug_level 9, I managed to figure out that my test client was missing the krb5-pkinit package so I installed that. I also noticed errors in sssd_pac.log about the backend being offline. I eventually figured out that I needed to add "services = pac" to the client's sssd.conf. Note: I had removed the services line because in Ubuntu 22, the various services are instead started as needed via their sockets (e.g. sssd-autofs.socket, sssd-nss.socket, etc.). If you leave them defined in the services line, you get tons of errors during system startup. I've resolved those errors, but I'm still seeing extremely slow logins when it works. Usually, the login just fails. However, if I login as root and lookup AD users, they are found and returned to the terminal. The sssd.conf from the client running sssd 2.6.3 is below. If anyone has any pointers, please send them over. I wish I didn't have to get Ubuntu 22 clients working with freeipa, but I do. :( [domain/idm.domain.com] id_provider = ipa ipa_server = _srv_, p1idma01.idm.domain.com ipa_domain = idm.domain.com ipa_hostname = u22test.idm.domain.com auth_provider = ipa chpass_provider = ipa access_provider = ipa cache_credentials = True ldap_tls_cacert = /etc/ipa/ca.crt ldap_deref_threshold = 0 krb5_store_password_if_offline = True selinux_provider = none sudo_provider = ipa autofs_provider = ipa subdomains_provider = ipa session_provider = ipa hostid_provider = ipa ipa_automount_location = yow debug_level = 9 [domain/idm.domain.com/corp.ad.domain.com] ad_site = ottawa [sssd] #services = nss, pam, ssh, sudo, autofs services = pac domains = idm.domain.com debug_level = 9 [nss] default_shell = /bin/bash homedir_substring = /home debug_level = 9 [pam] debug_level = 9 [sudo] [autofs] [ssh] [pac] [ifp] [session_recording]
-- Me worry? That's why my first CD was Peter Gabriel SO.... Sami Hulkko sahul...@gmail.com sahul...@icloud.com samihul...@quantum-black-hole.com +358 45 85693 919
BEGIN:VCARD VERSION:4.0 EMAIL;PREF=1:samihul...@quantum-black-hole.com EMAIL:sahul...@gmail.com FN:Sami Hulkko NICKNAME:Atol N:Hulkko;Sami;;; TEL;VALUE=TEXT:+358458569319 X-MOZILLA-HTML;VALUE=BOOLEAN:FALSE UID:53ad98cb-d6b2-4667-a26c-6f564a428e51 END:VCARD
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue