-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/08/2011 04:40 PM, Steven Jones wrote: > On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote: >> Steven Jones wrote: >>> 8><------ >>> >>> >>> So how do I fault find? where do I start? >>> >>> ie Where do I start to look to determine why a user cannot login to a >>> client via freeipa? >>> >>> How can I be more clear? because so far the replies have been not very >>> productive. >>> >>> regards >>> >>> >> >> Add debug_level = 9 to the ipa provide in /etc/sssd/sssd.conf, restart >> sssd, and try your login again. Look >> in/var/log/sssd/sssd_example.com.log for information on the login attempt. >> >> Your uid/gid will likely differ. >> >> # getent passwd admin >> admin:*:264200000:264200000:Administrator:/home/admin:/bin/bash >> # id admin >> uid=264200000(admin) gid=264200000(admins) groups=264200000(admins) >> # getent group admins >> admins:*:264200000:admin >> # finger admin >> Login: admin Name: Administrator >> Directory: /home/admin Shell: /bin/bash >> Never logged in. >> No mail. >> No Plan. > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] > [sss_krb5_verify_keytab_ex] (0): Principal > [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab > [default] > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): > Could not verify keytab > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] > (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): > fatal error initializing data providers > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not > initialize backend [14] > (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] > [sss_krb5_verify_keytab_ex] (0): Principal > [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab > [default]
Well, here's your problem. The SSSD isn't starting up successfully because you don't have a host principal for this server in your /etc/krb5.keytab file. This was probably a bug in the ipa-client-install. What does klist -k /etc/krb5.keytab return to you? - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk12qV4ACgkQeiVVYja6o6OH/gCfabjbwcx/WSookcjKPXeq9N70 HpgAn3gj78oH0CW/WKS0F6X1Whvx/Wai =R7BT -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users