On la, 07 maalis 2020, Nicholas DeMarco via FreeIPA-users wrote:
Hello, I've worked through many issues learning and implementing FreeIPA in
my realm. Thanks to many for the helpful direction.
One Ubuntu client is not behaving. It joined successfully, but will not
authenticate. Kerberos works:
# kinit ndemarco
# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: ndema...@pchem.pro
Valid starting Expires Service principal
03/07/2020 12:20:20 03/08/2020 13:20:17 krbtgt/pchem....@pchem.pro
However, I cannot login as the same user. The password is not recognized.
No local user with the same name:
# getent passwd | grep ndemarco
None of the SSSD logs show anything interesting.
I'm a learner. Please give me a hint++ on where to look next.
Don't use 'getent passwd' without explicit user name. Enumeration of
users is disabled by default in SSSD for a good reason, so not being
able to see yourself this way is fine.
Does 'getent passwd ndemarco' return anything on that machine?
If not, does 'sssctl domain-status pchem.pro' work and show the domain
online?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
