> As for AD users we need to look at the client and see what is going on > there. What is your client? Version and component? Is it using latest SSSD? > If not additional steps might be needed. Please provide the details > about the clients. Please start with trying AD users on the IPA server > itself, looking at the logs and seeing what is going on.
/var/log/secure Jan 2 19:27:46 ipa sshd[8252]: pam_unix(sshd:auth): check pass; user unknown Jan 2 19:27:46 ipa sshd[8252]: pam_succeed_if(sshd:auth): error retrieving information about user [email protected] Jan 2 19:27:49 ipa sshd[8252]: Failed password for invalid user [email protected] from 192.168.202.12 port 51537 ssh2 /var/log/messages (not sure if related. this error is going off every 20s) Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.895536, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface 'lsarpc' already registered on endpoint Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896121, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface 'samr' already registered on endpoint Jan 2 19:52:18 ipa smbd[7279]: [2014/01/02 19:52:18.896616, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:52:18 ipa smbd[7279]: dcesrv_interface_register: interface 'netlogon' already registered on endpoint Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.913794, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface 'lsarpc' already registered on endpoint Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914377, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface 'samr' already registered on endpoint Jan 2 19:53:18 ipa smbd[7279]: [2014/01/02 19:53:18.914853, 0] ../source3/rpc_server/epmapper/srv_epmapper.c:378(_epm_Insert) Jan 2 19:53:18 ipa smbd[7279]: dcesrv_interface_register: interface 'netlogon' already registered on endpoint /var/log/krb5kdc.log Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: NEEDED_PREAUTH: host/[email protected] for krbtgt/[email protected], Additional pre-authentication required Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): AS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for krbtgt/[email protected] Jan 02 19:27:37 ipa.wibble.com krb5kdc[6611](info): TGS_REQ (4 etypes {18 17 16 23}) 10.51.120.1: ISSUE: authtime 1388690857, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for ldap/[email protected] /var/log/sssd/* this is using bob@host (prattle.com is the windows domain) https://gist.github.com/anonymous/ff817a251948ff58bdb1 this is using [email protected]@host (prattle.com is the windows domain) https://gist.github.com/anonymous/885d8bfd6cf7d224de93 > > Thanks > Dmitri > >> >> Ta, >> >> Andrew > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
