Hey Freeipa users!
Proxmox supports pam logins from webui and it is debian based.
I've used the following guide to install freeipa unofficial packages. http://clusterfrak.com/sysops/app_installs/freeipa_clients/
The ipa client installation went smoothly but... I can not see the users and login.
# id freeipauser id: 'freeipauser': no such user
Does someone know about a documentation for the detailed troubleshooting steps that need to be taken to check pam/sssd/related.
My pam.d common-session file: session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session required pam_unix.so session optional pam_sss.so session optional pam_systemd.so session required pam_mkhomedir.so
cat sssd.conf [domain/domain.int]
cache_credentials = True krb5_store_password_if_offline = True ipa_domain = domain.int id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = proxmox.domain.int chpass_provider = ipa ipa_server = _srv_, freeipa1.domain.int ldap_tls_cacert = /etc/ipa/ca.crt [sssd] domains = domain.int services = sudo, ssh [ssh]
[sudo]
Any idea what is the first troubleshooting step?
On Thu, Sep 07, 2017 at 11:02:50AM +0200, Maciej Drobniuch via FreeIPA-users wrote:
Hey Freeipa users!
Proxmox supports pam logins from webui and it is debian based.
I've used the following guide to install freeipa unofficial packages. http://clusterfrak.com/sysops/app_installs/freeipa_clients/
The ipa client installation went smoothly but... I can not see the users and login.
# id freeipauser id: 'freeipauser': no such user
Does someone know about a documentation for the detailed troubleshooting steps that need to be taken to check pam/sssd/related.
Start here: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
This helps. Thank you for the link!
M.
On Thu, Sep 7, 2017 at 1:31 PM, Jakub Hrozek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Thu, Sep 07, 2017 at 11:02:50AM +0200, Maciej Drobniuch via FreeIPA-users wrote:
Hey Freeipa users!
Proxmox supports pam logins from webui and it is debian based.
I've used the following guide to install freeipa unofficial packages. http://clusterfrak.com/sysops/app_installs/freeipa_clients/
The ipa client installation went smoothly but... I can not see the users and login.
# id freeipauser id: 'freeipauser': no such user
Does someone know about a documentation for the detailed troubleshooting steps that need to be taken to check pam/sssd/related.
Start here: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Hey
So looking at the logs, sssd did not get any request. The solution was to add nss and pam into the sssd section of sssd.conf
[sssd] services = sudo, ssh, nss, pam
Thanks Kuba for your help! :)
M.
On Fri, Sep 8, 2017 at 10:02 AM, Maciej Drobniuch md@collective-sense.com wrote:
This helps. Thank you for the link!
M.
On Thu, Sep 7, 2017 at 1:31 PM, Jakub Hrozek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Thu, Sep 07, 2017 at 11:02:50AM +0200, Maciej Drobniuch via FreeIPA-users wrote:
Hey Freeipa users!
Proxmox supports pam logins from webui and it is debian based.
I've used the following guide to install freeipa unofficial packages. http://clusterfrak.com/sysops/app_installs/freeipa_clients/
The ipa client installation went smoothly but... I can not see the users and login.
# id freeipauser id: 'freeipauser': no such user
Does someone know about a documentation for the detailed troubleshooting steps that need to be taken to check pam/sssd/related.
Start here: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedo rahosted.org
-- Best regards
Maciej Drobniuch Network Security Engineer Collective-Sense,LLC
You may want to look at authconfig for doing that in the future, I don't think it will be overridden on update (that was a bug once I believe), but running it for some other reason could alter what you intend to be set up. authconfig maintains a state file in /etc/sysconfig and will set things as it was told to, manual changes are not registered so "mysterious" problems can occur months and years later if one is not careful.
On Fri, Sep 8, 2017 at 5:21 AM, Maciej Drobniuch via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hey
So looking at the logs, sssd did not get any request. The solution was to add nss and pam into the sssd section of sssd.conf
[sssd] services = sudo, ssh, nss, pam
Thanks Kuba for your help! :)
M.
On Fri, Sep 8, 2017 at 10:02 AM, Maciej Drobniuch <md@collective-sense.com
wrote:
This helps. Thank you for the link!
M.
On Thu, Sep 7, 2017 at 1:31 PM, Jakub Hrozek via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Thu, Sep 07, 2017 at 11:02:50AM +0200, Maciej Drobniuch via FreeIPA-users wrote:
Hey Freeipa users!
Proxmox supports pam logins from webui and it is debian based.
I've used the following guide to install freeipa unofficial packages. http://clusterfrak.com/sysops/app_installs/freeipa_clients/
The ipa client installation went smoothly but... I can not see the
users
and login.
# id freeipauser id: 'freeipauser': no such user
Does someone know about a documentation for the detailed
troubleshooting
steps that need to be taken to check pam/sssd/related.
Start here: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedo rahosted.org
-- Best regards
Maciej Drobniuch Network Security Engineer Collective-Sense,LLC
-- Best regards
Maciej Drobniuch Network Security Engineer Collective-Sense,LLC
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Bob Rentschler -
Jakub Hrozek -
Maciej Drobniuch