I have configured trust between AD and IPA, and the Linux machines are members of the IPA domain. When I log into any of the Linux machines and type "w", it does not list the AD user with which I just logged in.
Is this an expected behaviour or am I missing something?
On Wed, Aug 16, 2017 at 01:04:05PM +0530, Supratik Goswami via FreeIPA-users wrote:
> I have configured trust between AD and IPA, and the Linux machines are members of the IPA domain. When I log into any of the Linux machines and type "w", it does not list the AD user with which I just logged in.
How exactly did you log in?
I'm not sure if my knowledge of these details is correct, but I thought that programs like "w" look at the utmp file which is these days handled by systemd-logind. So I would say that whether the user should be listed also depends on whether the login creates a logind session. Notably "su" does not create a session, but e.g. ssh or login through the text console does.
Typing "loginctl" should give some info as well.
Hi Jakub
I was trying to login to the box as username@addomain.com username@adserver.addomain.com.
After some research I came across this post https://www.freeipa.org/page/V4/AD_User_Short_Names and I am now able to log in using the user short name. It is also now showing after I type "w", but now in the "ps" output it is listing the user ID but not the user name.
Any pointers would be greatly appreciated
Thanks!
On Fri, Aug 18, 2017 at 11:41:02AM +0530, Supratik Goswami wrote:
> Hi Jakub
> I was trying to login to the box as username@addomain.com username@adserver.addomain.com.
> After some research I came across this post https://www.freeipa.org/page/V4/AD_User_Short_Names and I am now able to log in using the user short name. It is also now showing after I type "w", but now in the "ps" output it is listing the user ID but not the user name.
What do you mean by user ID? The numeric UID? How do you invoke ps?
> What do you mean by user ID? The numeric UID? How do you invoke ps?
Yes, numeric UID. When I type "ps aux" I get the following output
1759001108 2375 0.0 0.4 146900 4084 ? S 08:55 0:00 sshd: testuser@addomain.com@pts/0
1759001108 2376 0.0 0.3 127800 3536 pts/0 Ss 08:55 0:00 -sh
1759001108 2399 0.0 0.2 129656 2544 pts/0 R+ 08:55 0:00 ps aux
I want to see "testuser" instead of "1759001108". How can I achieve it?
On Fri, Aug 18, 2017 at 03:09:05PM +0530, Supratik Goswami wrote:
> > What do you mean by user ID? The numeric UID? How do you invoke ps?
> Yes, numeric UID. When I type "ps aux" I get the following output
> 1759001108 2375 0.0 0.4 146900 4084 ? S 08:55 0:00 sshd: testuser@addomain.com@pts/0
> 1759001108 2376 0.0 0.3 127800 3536 pts/0 Ss 08:55 0:00 -sh
> 1759001108 2399 0.0 0.2 129656 2544 pts/0 R+ 08:55 0:00 ps aux
> I want to see "testuser" instead of "1759001108". How can I achieve it?
Well, that should work. For some reason, the ID-to-name resolution is not working. Does it work at least on the server?
In the IPA server I am getting in the below format
suprati+ 4360 0.0 0.0 172676 2484 ? D 08:20 0:00 sshd: supratik@addomain.com@pts/1
suprati+ 4361 0.0 0.0 125688 2092 pts/1 Ss 08:20 0:00 -bash
suprati+ 4383 0.0 0.0 161360 1828 pts/1 R+ 08:20 0:00 ps aux
In server the ps version is procps-ng version 3.3.10
In the other boxes ps version is procps version 3.2.8
-- Warm Regards
Supratik
On Fri, Aug 18, 2017 at 05:59:13PM +0530, Supratik Goswami wrote:
> In server the ps version is procps-ng version 3.3.10
> In the other boxes ps version is procps version 3.2.8
This doesn't matter, the issue is that getpwuid() calls are not working. I suspect the same happens if you own a file by one of these users? Then "ls -l" output in that directory would also show only UIDs, not names?
> On Fri, Aug 18, 2017 at 5:52 PM, Supratik Goswami supratiksekhar@gmail.com wrote:
> > In the IPA server I am getting in the below format
> > suprati+ 4360 0.0 0.0 172676 2484 ? D 08:20 0:00 sshd: supratik@addomain.com@pts/1
> > suprati+ 4361 0.0 0.0 125688 2092 pts/1 Ss 08:20 0:00 -bash
> > suprati+ 4383 0.0 0.0 161360 1828 pts/1 R+ 08:20 0:00 ps aux
Can you call "sss_cache -E" on both the client and server, then do:
    getent passwd 1759001108
and attach the logs from the client (complete) and the server (NSS log is enough)?
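Added example (not code from the thread or from SSSD): tools such as ps and ls -l call getpwuid() for each owner and print the bare number when no entry comes back, which is the symptom discussed above. The script applies the same lookup to the effective UID of every running process and lists the UIDs that do not resolve; all function names are illustrative.

```python
#!/usr/bin/env python3
"""List UIDs that own running processes but have no passwd entry via NSS."""
import os
import pwd


def resolve(uid, lookup=pwd.getpwuid):
    """Return the user name for uid, or None when getpwuid() finds no entry.

    pwd.getpwuid() goes through the same NSS stack (files, sss, ...) that
    ps and ls use, and raises KeyError when no source knows the UID.
    """
    try:
        return lookup(uid).pw_name
    except KeyError:
        return None


def owner_label(uid, lookup=pwd.getpwuid):
    """What a tool such as ps prints in the owner column: name or bare UID."""
    name = resolve(uid, lookup)
    return name if name is not None else str(uid)


def process_owners(proc_root="/proc"):
    """Map effective UID -> sorted PIDs, read from <proc_root>/<pid>/status."""
    owners = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        # Fields: real, effective, saved, filesystem UID.
                        # The USER column of "ps aux" is the effective user.
                        euid = int(line.split()[2])
                        owners.setdefault(euid, []).append(int(entry))
                        break
        except OSError:
            continue  # the process exited while it was being read
    return {uid: sorted(pids) for uid, pids in owners.items()}


def unresolved_owners(owners, lookup=pwd.getpwuid):
    """Return the subset of owners whose UID cannot be mapped to a name."""
    return {uid: pids for uid, pids in owners.items()
            if resolve(uid, lookup) is None}


if __name__ == "__main__":
    missing = unresolved_owners(process_owners())
    for uid, pids in sorted(missing.items()):
        print("UID %d has no passwd entry; owns PIDs %s" % (uid, pids))
    if not missing:
        print("every process owner resolves to a name")
```

Running it before and after "sss_cache -E" on a client shows whether the failure is a stale cache entry or a lookup that never succeeds.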
When executed in the server I get the below logs
(Fri Aug 18 08:18:26 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
(Fri Aug 18 08:20:04 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
(Fri Aug 18 08:20:11 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
(Fri Aug 18 08:23:32 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
In the client side the log file is empty
I also looked at the option full_name_format to see if I can use the username and ignore the domain altogether for displaying. As per the documentation "full_name_format parameter sets how the user name and domain name (once determined) are displayed". But when I set it to *full_name_format = %1$s* I am not able to login
On Fri, Aug 18, 2017 at 07:13:13PM +0530, Supratik Goswami via FreeIPA-users wrote:
> When executed in the server I get the below logs
> (Fri Aug 18 08:18:26 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
> (Fri Aug 18 08:20:04 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
> (Fri Aug 18 08:20:11 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
> (Fri Aug 18 08:23:32 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children
> In the client side the log file is empty
Well, we don't log anything by default, you need to increase the debug level. See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
> I also looked at the option full_name_format to see if I can use the username and ignore the domain altogether for displaying. As per the documentation "full_name_format parameter sets how the user name and domain name (once determined) are displayed". But when I set it to *full_name_format = %1$s* I am not able to login
This won't work on the server at least, but should work on the clients. But I would suggest to not change the defaults much and only deviate from the defaults once the baseline works.
On Fri, Aug 18, 2017 at 7:20 PM, Jakub Hrozek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> Well, we don't log anything by default, you need to increase the debug level. See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
I have set the debug level to 9 but it still does not log anything.
debug_level = 9
> This won't work on the server at least, but should work on the clients. But I would suggest to not change the defaults much and only deviate from the defaults once the baseline works.
I am trying at the client side but after I update this parameter login breaks completely.
Here is my sssd.conf file
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipadomain.com
default_domain_suffix = adadomain.com
full_name_format = %1$s

[nss]
homedir_substring = /home

[domain/ipadomain.com]
krb5_use_enterprise_principal = True
debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
auth_provider = ipa
access_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipadomain.com
ipa_hostname = ef01.ipadomain.com
ipa_server = ipa01.ipadomain.com
chpass_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
dns_discovery_domain = ipadomain.com
entry_cache_timeout = 60

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
On Fri, Aug 18, 2017 at 07:38:21PM +0530, Supratik Goswami wrote:
> Here is my sssd.conf file
> [sssd]
> config_file_version = 2
> services = nss, sudo, pam, ssh
> domains = ipadomain.com
> default_domain_suffix = adadomain.com
> full_name_format = %1$s
>
> [nss]
> homedir_substring = /home
--> the debug_level goes here
> [domain/ipadomain.com]
> krb5_use_enterprise_principal = True
> debug_level = 9
> krb5_store_password_if_offline = True
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = ipadomain.com
> ipa_hostname = ef01.ipadomain.com
> ipa_server = ipa01.ipadomain.com
> chpass_provider = ipa
> ldap_tls_cacert = /etc/ipa/ca.crt
> dns_discovery_domain = ipadomain.com
> entry_cache_timeout = 60
>
> [pam]
> [sudo]
> [autofs]
> [ssh]
> [pac]
> [ifp]
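Added example (not part of the thread and not SSSD's own tooling): debug_level is read per section, so setting it only under [domain/...] leaves the nss responder at its default. The script parses an sssd.conf and reports, for the monitor and each enabled service and domain, whether that section sets debug_level. The sample is an excerpt of the configuration posted above; the function names are illustrative and the log file names are the usual ones under /var/log/sssd, taken here as an assumption.

```python
#!/usr/bin/env python3
"""Show which SSSD processes get a debug_level from a given sssd.conf."""
import configparser

# Excerpt of the client sssd.conf posted in the thread, one option per line.
THREAD_CONF = """\
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = ipadomain.com
default_domain_suffix = adadomain.com
full_name_format = %1$s

[nss]
homedir_substring = /home

[domain/ipadomain.com]
krb5_use_enterprise_principal = True
debug_level = 9
krb5_store_password_if_offline = True
id_provider = ipa
cache_credentials = True
krb5_store_password_if_offline = True

[pam]

[sudo]

[ssh]
"""


def _items(value):
    """Split a comma-separated sssd.conf value into a clean list."""
    return [item.strip() for item in value.split(",") if item.strip()]


def debug_levels(conf_text):
    """Return (section, log file, debug_level or None) for the monitor and
    for every service and domain that the [sssd] section enables."""
    # interpolation=None: values such as "%1$s" are not configparser syntax.
    # strict=False: tolerate the option that appears twice in the domain.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    targets = [("sssd", "sssd.log")]
    for svc in _items(parser.get("sssd", "services", fallback="")):
        targets.append((svc, "sssd_%s.log" % svc))
    for dom in _items(parser.get("sssd", "domains", fallback="")):
        targets.append(("domain/" + dom, "sssd_%s.log" % dom))
    return [(section, log, parser.get(section, "debug_level", fallback=None))
            for section, log in targets]


def sections_without_debug_level(conf_text):
    """Sections whose process will log only at the default level."""
    return [section for section, _log, level in debug_levels(conf_text)
            if level is None]


if __name__ == "__main__":
    for section, log, level in debug_levels(THREAD_CONF):
        print("[%s] -> %s: debug_level = %s" % (section, log, level or "unset"))
```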
Yes, sorry my mistake.
Please find the log entries from both server and client
The client and server logs are 4 hours apart, do you have log files that capture the same time interval?
On Fri, Aug 18, 2017 at 07:52:44PM +0530, Supratik Goswami wrote:
> Yes, sorry my mistake.
> Please find the log entries from both server and client
Hi Jakub
The logs are captured at the same time from both servers, you are seeing this difference because of different timezone setting. IPA server was at EDT and the Linux machine is set to UTC, I have made that fix now. Do you want me to send the logs again?
On Wed, Aug 23, 2017 at 06:43:04PM +0530, Supratik Goswami wrote:
> Hi Jakub
> The logs are captured at the same time from both servers, you are seeing this difference because of different timezone setting. IPA server was at EDT and the Linux machine is set to UTC, I have made that fix now. Do you want me to send the logs again?
Yes, but this time also with domain logs from the client, because the client nss logs indicate that something has gone wrong on the client side while processing the reply, but I don't see anything wrong in the server's nss logs.
freeipa-users@lists.fedorahosted.org