Hi freeipa-users!
My IPA users occasionally report these issues:
1. Unable to log in (failed pub key) via ssh on a Linux server
2. Missing shell (defaulted to sh instead of bash or zsh) after ssh login on a Linux server
3. Missing home directory after ssh login on a Linux server
All of the users are present in Active Directory (domain=ad.lan), and the attributes are set (sshPublicKey and loginShell).
AD and FreeIPA are trusting each other. Linux servers are joined to the domain (domain=ipa.lan).
I can confirm (1) fails when I run: /usr/bin/sss_ssh_authorizedkeys user@ad.lan. It returns empty. Repeated runs return the same result: nothing.
And both (2) and (3) happen without noticeable correlation to any other event.
I can confirm it by running getent passwd user@ad.lan. It displays some fields (either home folder or shell) as empty.
Issue (1) can be fixed by restarting the sssd service and running sss_cache -E.
Issue (2) mostly fixes itself after X amount of time (sometimes a minute, sometimes an hour).
Issue (3) can be fixed the same way as (1), but sometimes also by repeating the ssh connection (logout/login).
And as you might think: it's tiresome. :)
Does it make sense to you? Which logs would be most useful to get to the bottom of this?
Note:
AD servers: 2016
FreeIPA version 4.6.4 (both servers and clients) on CentOS 7.
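As an added example, not part of the original post and not code from the FreeIPA or SSSD projects, the following POSIX shell script automates the two checks the post describes (getent passwd and /usr/bin/sss_ssh_authorizedkeys) and flags the three symptoms: an empty key list, an empty shell field and an empty home field. The user name, UIDs and sample passwd lines are constructed; run it with one or more user@ad.lan arguments on an IPA client to check a live host, or with no arguments to see the checks applied to the constructed samples.

```shell
#!/bin/sh
# Added example (not code from the original post or from the FreeIPA/SSSD
# projects): check an AD user's SSSD-resolved identity on an IPA client for
# the three symptoms described in the post. Assumes getent and
# /usr/bin/sss_ssh_authorizedkeys are present when run against a live host.

# check_passwd_entry 'name:pw:uid:gid:gecos:home:shell'
# Prints "ok" or the names of the empty fields; returns 1 if incomplete.
check_passwd_entry() {
    entry=$1
    nfields=$(printf '%s\n' "$entry" | awk -F: '{ print NF }')
    if [ "$nfields" -ne 7 ]; then
        printf 'malformed entry (%s fields)\n' "$nfields"
        return 1
    fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    missing=""
    [ -n "$home" ]  || missing="$missing home"
    [ -n "$shell" ] || missing="$missing shell"
    if [ -n "$missing" ]; then
        printf 'missing fields:%s\n' "$missing"
        return 1
    fi
    printf 'ok\n'
}

# count_ssh_keys "OUTPUT": number of lines in sss_ssh_authorizedkeys output
# that look like OpenSSH public keys (zero is symptom 1 from the post).
count_ssh_keys() {
    printf '%s\n' "$1" \
        | grep -c -E '^(sk-)?(ssh-[a-z0-9-]+|ecdsa-sha2-nistp[0-9]+)(@openssh\.com)? ' \
        || true
}

# diagnose_user user@ad.lan: run both checks against the live host.
# Returns 1 if any symptom is present, so the script can be looped from
# cron and its failures lined up with the sssd logs by timestamp.
diagnose_user() {
    user=$1
    status=0
    if entry=$(getent passwd "$user"); then
        printf '%s %s: passwd entry: ' "$(date '+%F %T')" "$user"
        check_passwd_entry "$entry" || status=1
    else
        printf '%s %s: not resolvable via getent (sssd lookup failed)\n' \
            "$(date '+%F %T')" "$user"
        status=1
    fi
    keys=$(/usr/bin/sss_ssh_authorizedkeys "$user" 2>/dev/null || true)
    nkeys=$(count_ssh_keys "$keys")
    printf '%s %s: %s public key(s) from sss_ssh_authorizedkeys\n' \
        "$(date '+%F %T')" "$user" "$nkeys"
    [ "$nkeys" -gt 0 ] || status=1
    return "$status"
}

# Constructed sample entries (not captured from a real host) showing what
# symptoms 2 and 3 look like in getent output; the UIDs are arbitrary.
SAMPLE_OK='user@ad.lan:*:1925401105:1925400513:AD User:/home/ad.lan/user:/bin/bash'
SAMPLE_NO_HOME='user@ad.lan:*:1925401105:1925400513:AD User::/bin/bash'
SAMPLE_NO_SHELL='user@ad.lan:*:1925401105:1925400513:AD User:/home/ad.lan/user:'

if [ $# -gt 0 ]; then
    rc=0
    for u in "$@"; do diagnose_user "$u" || rc=1; done
    exit "$rc"
else
    for s in "$SAMPLE_OK" "$SAMPLE_NO_HOME" "$SAMPLE_NO_SHELL"; do
        printf '%s -> %s\n' "$s" "$(check_passwd_entry "$s" || true)"
    done
fi
```

Because the workaround in the post (restarting sssd and sss_cache -E) clears the evidence, the useful thing is to record the failing getent and sss_ssh_authorizedkeys output with a timestamp while the symptom is present; the timestamps can then be lined up with the client's /var/log/sssd/sssd_nss.log and the sssd domain log from the same minute.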