Right.
From server:

root@jota:/home/alongina# rpc.idmapd -f -vvv
rpc.idmapd: libnfsidmap: using domain: nat.c.example.com
rpc.idmapd: libnfsidmap: Realms list: 'NAT.C.EXAMPLE.COM'
rpc.idmapd: libnfsidmap: processing 'Method' list
rpc.idmapd: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/nsswitch.so for method nsswitch

rpc.idmapd: Expiration time is 600 seconds.
rpc.idmapd: Opened /proc/net/rpc/nfs4.nametoid/channel
rpc.idmapd: Opened /proc/net/rpc/nfs4.idtoname/channel
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: Server : (user) id "0" -> name "root@nat.c.example.com"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: Server : (group) id "0" -> name "root@nat.c.example.com"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: Server : (user) id "1000" -> name "alongina@nat.c.example.com"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: Server : (group) id "1000" -> name "alongina@nat.c.example.com"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: Server : (user) id "332405654" -> name "longina@nat.c.example.com"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: Server : (group) id "332400513" -> name "domain users@nat.c.example.com"
Best regards
Longina
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of John Hodrien
Sent: 12 March 2014 11:54
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] no permission -sssd-1.11.1 Trusty automount nfs4+krb
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I log in from GUI (lightdm) and ssh with AD passwd - in both cases no permissions. SSH allows me to log in to "/". GUI throws me away.

I use AD as provider for everything

Ssh jedi.nat.c.example.com
Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org
Could not chdir to home directory /home/longina: Permission denied
-bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ klist
Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu
Default principal: longina@NAT.C.EXAMPLE.ORG

Valid starting       Expires              Service principal
03/12/2014 11:27:21  03/12/2014 21:27:21  krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG
        renew until 03/13/2014 11:27:21
03/12/2014 11:27:22  03/12/2014 21:27:21  nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG
        renew until 03/13/2014 11:27:21
longina@jedi:/$
Your principal is what you expect, you're getting a service principal for what you expect to be connecting to, but you're getting permission denied at the far end.
rpc.idmapd issues on the server?
Have you run that with debugging and seen what it's up to?
jh