Ranbir via FreeIPA-users wrote: > On Fri, 2022-06-10 at 08:53 -0400, Rob Crittenden via FreeIPA-users > wrote: >> Are the clients also running Rocky? >> > > The first two clients are running Rocky Linux 8 and Centos 7. The Rocky > system is brand new, while the CentOS 7 server was using NIS before. > I've successfully done NIS to ipa swaps before.
And which one isn't working? And what release? Knowing the version is often very important for troubleshooting. > >> This means that SSSD can't look up users. Follow standard SSSD >> troubleshooting for more information. > > How do you do that during the client setup? The problem is reported > during the install. Do what? Client setup and client install here seem to be equivalent statements. As I said, in this case the client remains fully configured, expecting that the failure was transient. So you can debug away with a fully configured client. At the end of ipa-client-install a call to getent passwd admin is done to ensure that SSSD is up and working. If that fails then there is something wrong. >> The lookup failure isn't treated as fatal in case it is a transitive >> network issue. This also leaves the system more available for >> troubleshooting. > > The problem is also that /etc/nsswitch.conf isn't being updated. Does > the client install use /etc/nsswitch.conf after it's supposed to get > updated to use sssd for lookups? > You need to look in /var/log/ipaclient-install.log to see what it's doing. RHEL 7 uses authconfig, RHEL 8 authselect, to configure the PAM stack. It's possible that some previous config is conflicting. The log may tell you. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
