hi
Where would be a good place to look in either sssd or somewhere in the system if we are seeing a mixture of UserID lookups in this format:
username@domain.example.com <--- this makes sense
BUT - also seeing:
username@domain.example.com@domain.eexample.com <--- This does not??
I am very confused as to how this might be getting sent to PAM for the lookups and because of it we see random PAM "System Error"s
I do have in krb5.conf
[domain_realm] .domain.example.com = DOMAIN.EXAMPLE.COM domain.example.com = DOMAIN.EXAMPLE.COM prodhost1.domain.example.com = DOMAIN.EXAMPLE.COM
But this seems to have been set after the ipa-client-install - so I am a little confused?
Any suggestions? Kat
On Thu, Jun 07, 2018 at 12:33:56PM -0500, Kat via FreeIPA-users wrote:
hi
Where would be a good place to look in either sssd or somewhere in the system if we are seeing a mixture of UserID lookups in this format:
username@domain.example.com <--- this makes sense
BUT - also seeing:
username@domain.example.com@domain.eexample.com <--- This does not??
Where do you see these? In some logs?
I am very confused as to how this might be getting sent to PAM for the lookups and because of it we see random PAM "System Error"s
I do have in krb5.conf
[domain_realm] .domain.example.com = DOMAIN.EXAMPLE.COM domain.example.com = DOMAIN.EXAMPLE.COM prodhost1.domain.example.com = DOMAIN.EXAMPLE.COM
But this seems to have been set after the ipa-client-install - so I am a little confused?
Any suggestions? Kat _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...
freeipa-users@lists.fedorahosted.org