Ranbir via FreeIPA-users wrote:
> Hello All,
>
> Has anyone successfully enrolled an Ubuntu 22 client into an AlmaLinux
> 9 IdM or Rocky Linux 9 IdM domain in a trust with AD _and_ managed to
> have consistently fast and reliable logins into that Ubuntu 22 client
> with AD users? I sure haven't.
>
> I have been smashing my head into a wall trying to get stupid Ubuntu 22
> to work. After enabling debug_level 9, I managed to figure out that my
> test client was missing the krb5-pkinit package so I installed that. I
> also noticed errors in sssd_pac.log about the backend being offline. I
> eventually figured out that I needed to add "services = pac" to the
> client's sssd.conf. Note: I had removed the services line because in
> Ubuntu 22, the various services are instead started as needed via their
> sockets (e.g. sssd-autofs.socket, sssd-nss.socket, etc.). If you leave
> them defined in the services line, you get tons of errors during system
> startup.
>
> I've resolved those errors, but I'm still seeing extremely slow logins
> when it works. Usually, the login just fails. However, if I log in as
> root and look up AD users, they are found and returned to the terminal.
>
> The sssd.conf from the client running sssd 2.6.3 is below. If anyone
> has any pointers, please send them over. I wish I didn't have to get
> Ubuntu 22 clients working with freeipa, but I do. :(
>
> [domain/idm.domain.com]
> id_provider = ipa
> ipa_server = _srv_, p1idma01.idm.domain.com
> ipa_domain = idm.domain.com
> ipa_hostname = u22test.idm.domain.com
> auth_provider = ipa
> chpass_provider = ipa
> access_provider = ipa
> cache_credentials = True
> ldap_tls_cacert = /etc/ipa/ca.crt
> ldap_deref_threshold = 0
> krb5_store_password_if_offline = True
> selinux_provider = none
> sudo_provider = ipa
> autofs_provider = ipa
> subdomains_provider = ipa
> session_provider = ipa
> hostid_provider = ipa
> ipa_automount_location = yow
> debug_level = 9
>
> [domain/idm.domain.com/corp.ad.domain.com]
> ad_site = ottawa
>
> [sssd]
> #services = nss, pam, ssh, sudo, autofs
> services = pac
> domains = idm.domain.com
> debug_level = 9
>
> [nss]
> default_shell = /bin/bash
> homedir_substring = /home
> debug_level = 9
>
> [pam]
> debug_level = 9
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> [ifp]
>
> [session_recording]
>

I'd suggest you open Ubuntu bugs on the missing dependency and services
issue. There is also an sssd-users list you might try for help.

Here or there logs are going to be necessary to troubleshoot.

rob
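
The following check is an added example, not part of the thread or of SSSD itself: it classifies each SSSD responder by whether it is started from the `services` line, by socket activation, by both (the startup-error case described in the original post), or by neither (the state `pac` was in before it was added). The list of enabled socket units is constructed sample input, and the `sssd-<responder>.socket` naming is assumed from the unit names quoted in the post.

```python
import configparser

# Constructed sample: the [sssd] section from the post's sssd.conf.
SAMPLE_CONF = """\
[sssd]
#services = nss, pam, ssh, sudo, autofs
services = pac
domains = idm.domain.com
"""

# Constructed sample: socket units assumed enabled on the client
# (in practice, take these from `systemctl list-unit-files 'sssd-*.socket'`).
SAMPLE_SOCKETS = ["sssd-nss.socket", "sssd-pam.socket", "sssd-ssh.socket",
                  "sssd-sudo.socket", "sssd-autofs.socket"]

RESPONDERS = ("nss", "pam", "ssh", "sudo", "autofs", "pac", "ifp")


def check_responders(conf_text, enabled_sockets):
    """Classify each responder by how (or whether) it will be started."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "services", fallback="")
    listed = {s.strip() for s in raw.split(",") if s.strip()}
    sockets = {u[len("sssd-"):-len(".socket")] for u in enabled_sockets
               if u.startswith("sssd-") and u.endswith(".socket")}
    report = {}
    for r in RESPONDERS:
        if r in listed and r in sockets:
            report[r] = "conflict"       # both: the startup errors described
        elif r in listed:
            report[r] = "services-line"
        elif r in sockets:
            report[r] = "socket"
        else:
            report[r] = "not-started"    # e.g. pac before it was added
    return report


if __name__ == "__main__":
    for name, state in check_responders(SAMPLE_CONF, SAMPLE_SOCKETS).items():
        print(f"{name:8} {state}")
```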
