linux
Andrey, 2022-03-09 14:22:24

FreeIPA trust relationship with AD: logins with AD accounts are not allowed?

There is a FreeIPA domain, a trust relationship with AD is established, and everything seems to have started working, but there is a problem: on machines in the FreeIPA domain, logging in under AD accounts stops working, that is, sometimes you can log in and sometimes you can't.

In the logs at this moment:

-- Результат: done.
мар 09 13:57:16 polyakov.freeipa.local sssd_pac[36353]: Starting up
мар 09 13:57:26 polyakov.freeipa.local sudo[36357]:     root : TTY=pts/0 ; PWD=/home/polyakov ; USER=root ; COMMAND=/usr/bin/su
мар 09 13:57:26 polyakov.freeipa.local sudo[36357]: pam_unix(sudo:session): session opened for user root by polyakov(uid=0)
мар 09 13:57:26 polyakov.freeipa.local su[36358]: (to root) polyakov on pts/0
мар 09 13:57:26 polyakov.freeipa.local su[36358]: pam_unix(su:session): session opened for user root by polyakov(uid=0)
мар 09 13:58:04 polyakov.freeipa.local sshd[36388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.1.9.82  [email protected]
мар 09 13:58:05 polyakov.freeipa.local sshd[36388]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.1.9.82 [email protected]
мар 09 13:59:35 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:35 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:35 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:35 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 2
мар 09 13:59:41 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:41 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:41 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 13:59:41 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 2
мар 09 13:59:54 polyakov.freeipa.local xrdp-sesman[597]: (597)(140446557468224)[INFO ] ++ reconnected session: username [email protected], display :10.0, session_pid 1167, ip ::ffff:10.>
мар 09 13:59:54 polyakov.freeipa.local xrdp-sesman[597]: (597)(140446557468224)[DEBUG] Closed socket 9 (AF_INET6 ::1 port 3350)
мар 09 13:59:54 polyakov.freeipa.local xrdp-sesman[597]: (597)(140446557468224)[INFO ] A connection received from ::1 port 57250
мар 09 13:59:54 polyakov.freeipa.local xrdp-sesman[597]: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost=  [email protected]
мар 09 13:59:54 polyakov.freeipa.local xrdp-sesman[597]: pam_sss(xrdp-sesman:auth): authentication success; logname= uid=0 euid=0 tty=xrdp-sesman ruser= rhost= [email protected]
мар 09 13:59:56 polyakov.freeipa.local xrdp-sesman[597]: (597)(140446557468224)[INFO ] ++ reconnected session: username [email protected], display :10.0, session_pid 1167, ip ::ffff:10.>
мар 09 13:59:56 polyakov.freeipa.local xrdp-sesman[597]: (597)(140446557468224)[DEBUG] Closed socket 4 (AF_INET6 ::1 port 3350)
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 2
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 1
мар 09 14:01:04 polyakov.freeipa.local sssd_be[584]: GSSAPI client step 2



The machines are different but the behavior is the same: sometimes logging in via ssh / xrdp works, sometimes it doesn't.
I have already searched Google thoroughly and can't understand where the catch is.
