I have setup a 2nd client I have the same result....but it looks like the keytab is correct? however LDAP logins still dont work...
Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/fed14-64-ipacl02.ipa.ac...@ipa.ac.nz 1 host/fed14-64-ipacl02.ipa.ac...@ipa.ac.nz 1 host/fed14-64-ipacl02.ipa.ac...@ipa.ac.nz 1 host/fed14-64-ipacl02.ipa.ac...@ipa.ac.nz regards On Tue, 2011-03-08 at 17:10 -0500, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 03/08/2011 04:40 PM, Steven Jones wrote: > > On Tue, 2011-03-08 at 15:50 -0500, Rob Crittenden wrote: > >> Steven Jones wrote: > >>> 8><------ > >>> > >>> > >>> So how do I fault find? where do I start? > >>> > >>> ie Where do I start to look to determine why a user cannot login to a > >>> client via freeipa? > >>> > >>> How can I be more clear? because so far the replies have been not very > >>> productive. > >>> > >>> regards > >>> > >>> > >> > >> Add debug_level = 9 to the ipa provide in /etc/sssd/sssd.conf, restart > >> sssd, and try your login again. Look > >> in/var/log/sssd/sssd_example.com.log for information on the login attempt. > >> > >> Your uid/gid will likely differ. > >> > >> # getent passwd admin > >> admin:*:264200000:264200000:Administrator:/home/admin:/bin/bash > >> # id admin > >> uid=264200000(admin) gid=264200000(admins) groups=264200000(admins) > >> # getent group admins > >> admins:*:264200000:admin > >> # finger admin > >> Login: admin Name: Administrator > >> Directory: /home/admin Shell: /bin/bash > >> Never logged in. > >> No mail. > >> No Plan. > > > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] > > [sss_krb5_verify_keytab_ex] (0): Principal > > [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab > > [default] > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [setup_child] (0): > > Could not verify keytab > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [load_backend_module] > > (0): Error (14) in module (ipa) initialization (sssm_ipa_id_init)! > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [be_process_init] (0): > > fatal error initializing data providers > > (Tue Mar 8 13:28:18 2011) [sssd[be[ipa.ac.nz]]] [main] (0): Could not > > initialize backend [14] > > (Tue Mar 8 13:28:20 2011) [sssd[be[ipa.ac.nz]]] > > [sss_krb5_verify_keytab_ex] (0): Principal > > [host/fed14-64-ipacl01.ipa.ac...@ipa.ac.nz] not found in keytab > > [default] > > > Well, here's your problem. The SSSD isn't starting up successfully > because you don't have a host principal for this server in your > /etc/krb5.keytab file. This was probably a bug in the ipa-client-install. > > What does > klist -k /etc/krb5.keytab > return to you? > > - -- > Stephen Gallagher > RHCE 804006346421761 > > Delivering value year after year. > Red Hat ranks #1 in value among software vendors. > http://www.redhat.com/promo/vendor/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk12qV4ACgkQeiVVYja6o6OH/gCfabjbwcx/WSookcjKPXeq9N70 > HpgAn3gj78oH0CW/WKS0F6X1Whvx/Wai > =R7BT > -----END PGP SIGNATURE----- > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users