On Fri, Mar 21, 2025, 09:55 Rob Crittenden <[email protected]> wrote:
> Cyrus via FreeIPA-users wrote: > > Hello!, > > > > I have configured FreeIPA (on Rocky Linux 9) with a trust to a Samba4 > > (on openSUSE 15.6) based AD. > > > > Clientes are a variety of distros: > > - Ubuntu 22.04 > > - Ubuntu 24.04 > > - openSUSE 15.6 > > - Rocky Linux 9 > > > > This is an "always online" environment, with servers and not laptops > > disappearing from the network. > > I don't understand this. Servers disappear but laptops are static? > > > From time to time users can't authenticate to the stated clients and the > > workaround is to restart sssd. Logs on the clients don't state anything > > evident. > > You haven't provided enough details. Are these IPA users or Samba users? > Authenticate how? ssh? Restart sssd where? > > Your best bet is to start with https://sssd.io/troubleshooting/basics.html > > rob > My apologies if I wasn't clear. 1. User database is at a Samba4 based AD controller. 2. Linux machine accounts are at Free IPA server (handles HBAC, RBAC) 3. There's a two way trust between (1) and (2). 4. A set of Linux servers are members of the IPA realm. Mix of Rocky 9, openSUSE 16.5 and Ubuntu 22.04/24.04. 5. My users login to (3) via SSH and RDP (xrdp). This initially works. After some time, users cannot login via ssh/RDP to nodes listed in point (4). Affects different distributions, I have to restart sssd to regain access via ssh/xrdp to nodes in (4). Will review the link you shared. Regards. CI.- >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
