I'm still hoping someone can offer additional help. I see in the apt term.log these errors when downloading the freeipa-client package. Could this be the problem?
Creating SSSD system user & group... adduser: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode Warning failed to create cache: usr.sbin.sssd Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details. sssd.service couldn't start. Setting up sssd-ad-common (1.13.4-1ubuntu1) ... Setting up sssd-krb5-common (1.13.4-1ubuntu1) ... Setting up sssd-ad (1.13.4-1ubuntu1) ... Setting up sssd-ipa (1.13.4-1ubuntu1) ... Setting up sssd-krb5 (1.13.4-1ubuntu1) ... Setting up sssd-ldap (1.13.4-1ubuntu1) ... Setting up sssd-proxy (1.13.4-1ubuntu1) ... Setting up sssd (1.13.4-1ubuntu1) ... Setting up freeipa-client (4.3.1-0ubuntu1) ... Processing triggers for libc-bin (2.23-0ubuntu3) ... Processing triggers for systemd (229-4ubuntu7) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for dbus (1.10.6-1ubuntu3) ... Log ended: 2016-08-25 13:49:53 On Sun, Aug 14, 2016 at 2:16 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > Hi Pavel, can you help us with this thread? > > > On 12 Aug 2016, at 21:57, Jeff Goddard <jgodd...@emerlyn.com> wrote: > > > > > > > > On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstep...@redhat.com> > wrote: > > In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created > automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix' > because sudo has no understanding of hostgroups. > > > > You should be able to query this on a client with > > # getent netgroup office > > > > This should return nisNetgroupTriple for each host in the hostgroup > > (ipa-client-1.example.com,-,example.com) (ipa-client-2.example.com > ,-,example.com) > > > > I would check this in your environment between working and non-working > systems. > > I believe in later versions of sssd they added IPA sudo schema support > to eliminate the need for the compat tree so this could be related to the > issue if newer ubuntu clients are not working but CentOS is working. > > > > What version of sssd are you running? > > Kind regards, > > > > Justin Stephenson > > On 08/12/2016 02:35 PM, Jeff Goddard wrote: > >> I made the edit as suggested - removing nis and just leaving sss - > restarted sssd and then re-tried. I also tried with files sss. Still > getting the same result. > >> > >> Thanks, > >> > >> Jeff > > The query returns the expect results: > > > > getent netgroup office > > office (docker-dev-01.internal.emerlyn.com,-,internal. > emerlyn.com) (docker-dev-02.internal.emerlyn.com,-,internal.emerlyn.com) ( > docker-dev-03.internal.emerlyn.com,-,internal.emerlyn.com) [more hosts] > > > > sssd version is 1.13.4 > > > > Jeff > > > > > > > > Jeff
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
