Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-27 Thread Sumit Bose
On Fri, Mar 27, 2015 at 05:16:20PM +, Guertin, David S. wrote: > >The most likely reason for 'Protocol error' is that the server this client is > >connected to does not support the special LDAP extended operation used by > >SSSD on IPA clients to get the data for users and groups from trusted >

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-27 Thread Guertin, David S.
>The most likely reason for 'Protocol error' is that the server this client is >connected to does not support the special LDAP extended operation used by >SSSD on IPA clients to get the data for users and groups from trusted >domains. And the most likely reason for this is that ipa-adtrust-install

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-27 Thread Sumit Bose
On Fri, Mar 27, 2015 at 02:23:27PM +, Guertin, David S. wrote: > >To see why the login fails it would be good to > >know how you try to log in (I assume ssh) and which authentication method > >is used (password, ssh key, Kerberos ticket). > >Additionally the SSSD log files might be needed, most

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-27 Thread Guertin, David S.
>To see why the login fails it would be good to >know how you try to log in (I assume ssh) and which authentication method >is used (password, ssh key, Kerberos ticket). >Additionally the SSSD log files might be needed, most important here are the >logs from the PAM and PAC responders and the domai

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-26 Thread Sumit Bose
On Thu, Mar 26, 2015 at 03:24:06PM +, Guertin, David S. wrote: > >I would like to just clarify this a bit. The support to look up secondary > >groups > >(the group list the id command shows) for user which never authenticated > >was added in 7.1/6.7. > > Thanks. This makes sense, and indeed

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-26 Thread Guertin, David S.
>I would like to just clarify this a bit. The support to look up secondary >groups >(the group list the id command shows) for user which never authenticated >was added in 7.1/6.7. Thanks. This makes sense, and indeed with Client 1 I can indeed log in, and "id 'MIDD\juser'" shows all the groups

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-26 Thread Sumit Bose
On Wed, Mar 25, 2015 at 08:01:36PM -0400, Dmitri Pal wrote: > On 03/25/2015 11:44 AM, Simo Sorce wrote: > >On Wed, 2015-03-25 at 14:46 +, Guertin, David S. wrote: > >>Follow-up: today I tried clearing the sssd cache and restarting sssd on all > >>three clients, and all three lost their AD user

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-25 Thread Dmitri Pal
On 03/25/2015 11:44 AM, Simo Sorce wrote: On Wed, 2015-03-25 at 14:46 +, Guertin, David S. wrote: Follow-up: today I tried clearing the sssd cache and restarting sssd on all three clients, and all three lost their AD users: # rm -f /var/lib/sss/db/* # service sssd restart Stopping sssd:

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-25 Thread Simo Sorce
On Wed, 2015-03-25 at 14:46 +, Guertin, David S. wrote: > Follow-up: today I tried clearing the sssd cache and restarting sssd on all > three clients, and all three lost their AD users: > > # rm -f /var/lib/sss/db/* > # service sssd restart > Stopping sssd:

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-25 Thread Guertin, David S.
Follow-up: today I tried clearing the sssd cache and restarting sssd on all three clients, and all three lost their AD users: # rm -f /var/lib/sss/db/* # service sssd restart Stopping sssd: [ OK ] Starting sssd:

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-25 Thread Guertin, David S.
>What are the platforms and package versions of SSSD on these clients? Client 1: RHEL 6.6 sssd-1.11.6 Client 2: RHEL 6.6 sssd-1.11.6 Client 3: RHEL 5.11 sssd-1.5.1 David Guertin

Re: [Freeipa-users] Clients are reading AD info inconsistently

2015-03-24 Thread Dmitri Pal
On 03/24/2015 05:08 PM, Guertin, David S. wrote: I have three IPA servers set up (master and two replicas) and they're all behaving normally. AD users can log in, AD group restrictions are honored, etc. Now I'm trying to set up clients, and running into problems. I have three clients set up,

[Freeipa-users] Clients are reading AD info inconsistently

2015-03-24 Thread Guertin, David S.
I have three IPA servers set up (master and two replicas) and they're all behaving normally. AD users can log in, AD group restrictions are honored, etc. Now I'm trying to set up clients, and running into problems. I have three clients set up, and all three behave differently. On one of the cli