Hi, the main problem is that getent passwd <user> and getent group <group> gives no output exit code 2.
I've managed to solve original posted issue (by installing libsasl2-modules-gssapi-mit package), but the main problem persist. Sending output from commands provided, but it looks like that everything is alright. [client]# kinit -V -kt /etc/krb5.keytab Using default cache: /tmp/krb5cc_0 Using principal: host/[email protected] Using keytab: /etc/krb5.keytab Authenticated to Kerberos v5 [client]# ldapsearch -h $MASTER -Y GSSAPI -b "" -s base SASL/GSSAPI authentication started SASL username: host/[email protected] SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: ALL # # dn: objectClass: top namingContexts: cn=changelog namingContexts: dc=domain,dc=com namingContexts: o=ipaca defaultnamingcontext: dc=domain,dc=com supportedExtension: 2.16.840.1.113730.3.5.7 supportedExtension: 2.16.840.1.113730.3.5.8 supportedExtension: 2.16.840.1.113730.3.5.10 supportedExtension: 2.16.840.1.113730.3.8.10.3 supportedExtension: 2.16.840.1.113730.3.8.10.4 supportedExtension: 2.16.840.1.113730.3.8.10.4.1 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 2.16.840.1.113730.3.8.10.1 supportedExtension: 2.16.840.1.113730.3.8.10.5 supportedExtension: 2.16.840.1.113730.3.5.3 supportedExtension: 2.16.840.1.113730.3.5.12 supportedExtension: 2.16.840.1.113730.3.5.5 supportedExtension: 2.16.840.1.113730.3.5.6 supportedExtension: 2.16.840.1.113730.3.5.9 supportedExtension: 2.16.840.1.113730.3.5.4 supportedExtension: 2.16.840.1.113730.3.6.5 supportedExtension: 2.16.840.1.113730.3.6.6 supportedExtension: 2.16.840.1.113730.3.6.7 supportedExtension: 2.16.840.1.113730.3.6.8 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 2.16.840.1.113730.3.4.3 supportedControl: 2.16.840.1.113730.3.4.4 supportedControl: 2.16.840.1.113730.3.4.5 supportedControl: 1.2.840.113556.1.4.473 supportedControl: 2.16.840.1.113730.3.4.9 supportedControl: 2.16.840.1.113730.3.4.16 supportedControl: 2.16.840.1.113730.3.4.15 supportedControl: 2.16.840.1.113730.3.4.17 supportedControl: 2.16.840.1.113730.3.4.19 supportedControl: 1.3.6.1.1.13.1 supportedControl: 1.3.6.1.1.13.2 supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8 supportedControl: 1.3.6.1.4.1.4203.666.5.16 supportedControl: 2.16.840.1.113730.3.8.10.6 supportedControl: 2.16.840.1.113730.3.8.10.7 supportedControl: 2.16.840.1.113730.3.4.14 supportedControl: 2.16.840.1.113730.3.4.20 supportedControl: 1.3.6.1.4.1.1466.29539.12 supportedControl: 2.16.840.1.113730.3.4.12 supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.13 supportedControl: 1.3.6.1.4.1.4203.1.9.1.1 supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: SCRAM-SHA-1 supportedSASLMechanisms: GS2-IAKERB supportedSASLMechanisms: GS2-KRB5 supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: NTLM supportedSASLMechanisms: LOGIN supportedSASLMechanisms: PLAIN supportedSASLMechanisms: ANONYMOUS supportedLDAPVersion: 2 supportedLDAPVersion: 3 vendorName: 389 Project vendorVersion: 389-Directory/1.4.0.18 B2018.283.2156 dataversion: 020181123114138020181123114138020181123114138 netscapemdsuffix: cn=ldap://dc=ipa,dc=domain,dc=com:389 lastusn: 5070 changeLog: cn=changelog firstchangenumber: 0 lastchangenumber: 0 ipatopologypluginversion: 1.0 ipatopologyismanaged: on ipaDomainLevel: 1 # search result search: 4 result: 0 Success # numResponses: 2 # numEntries: 1 Do you have any other idea what to check ? Thanks. Jaroslav _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
