Hi,
I have recently setup a test freeipa server, and sssd on a client machine.
Everything works as expected, but if the freeipa server is offline, I cannot
get past the lock screen. I can not even type the password in. To get past
this I have to click login as a different user, and than
On 06/15/2017 04:57 AM, Rishat Teregulov wrote:
Yes, I set krb5.conf to this to try not to resolve dns queries.
[libdefaults]
default_realm = AD.DOMAIN.EXAMPLE
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
I got it sorted out by getting rid of the child domain as a realm and joining
the box straight to the parent. Wasn't my ideal solution, but it works.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to
On (15/06/17 10:48), Jakub Hrozek wrote:
>On Thu, Jun 15, 2017 at 08:35:59AM -, Rishat Teregulov wrote:
>> All logs too big
>> https://contattafiles.s3-us-west-1.amazonaws.com/tnt3511/wqtpj4q4fAwIX3p/sssd.logs
>
>I see:
>(Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [ad_sasl_log]
Yes, I set krb5.conf to this to try not to resolve dns queries.
[libdefaults]
default_realm = AD.DOMAIN.EXAMPLE
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable =
On Thu, Jun 15, 2017 at 08:35:59AM -, Rishat Teregulov wrote:
> All logs too big
> https://contattafiles.s3-us-west-1.amazonaws.com/tnt3511/wqtpj4q4fAwIX3p/sssd.logs
I see:
(Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [ad_sasl_log]
(0x0040): SASL: GSSAPI Error: Unspecified GSS
All logs too big
https://contattafiles.s3-us-west-1.amazonaws.com/tnt3511/wqtpj4q4fAwIX3p/sssd.logs
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
As I see, it resolve it just by ip, can I post logs here?
(Thu Jun 15 08:23:12 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]]
[be_resolve_server_process] (0x0200): Found address for server
AD.DOMAIN.EXAMPLE: [172.16.176.122] TTL 261
___
sssd-users mailing list --
On Thu, Jun 15, 2017 at 08:03:39AM -, Rishat Teregulov wrote:
> Sorry, forgot to mention.
> Already done this.
> Here is my sssd.conf
Did you take a look into the logs to see which servers are being
autodiscovered?
> [sssd]
> domains = AD.DOMAIN.EXAMPLE
> config_file_version = 2
> services =
Sorry, forgot to mention.
Already done this.
Here is my sssd.conf
[sssd]
domains = AD.DOMAIN.EXAMPLE
config_file_version = 2
services = nss, pam, sudo
[domain/AD.DOMAIN.EXAMPLE]
ad_domain = AD.DOMAIN.EXAMPLE
krb5_realm = AD.DOMAIN.EXAMPLE
realmd_tags = manages-system joined-with-adcli
On Thu, Jun 15, 2017 at 06:39:30AM -, Rishat Teregulov wrote:
> Is there any way to fully disable dns server lookup
Just set the ad_server option:
ad_server, ad_backup_server (string)
The comma-separated list of hostnames of the AD servers to which
SSSD should connect in
Is there any way to fully disable dns server lookup or set different dns server
for service discovery (like dyndns_server string, but just dns_server string) ?
I tried to set all parameters in krb5.conf and sssd.conf for server, but it
still try to dns lookup.
12 matches
Mail list logo