FreeIPA client on workstations

I have set up a FreeIPA server, and I am having trouble getting my workstations to log in with the enterprise account. I have been Googling my issues for the last 3 hours or so, but no luck.



I have my IPA server running on Fedora 27 Server, with the DNS set up as well. I have 2 Fedora Workstation machines, one a desktop, the other a laptop. I installed freeipa-client, set my DNS to my ipa-server and ipa-client-install --mkhomedir --force-ntpd ran with no errors. I ran kinit admin and klist shows the expected output.



I then went to the Users GUI in the GNOME Settings, and went through the Enterprise Account setup. When I logged out, I could see the FreeIPA account in GDM, but I get prompted for username after selecting it, and then I cannot log in with the correct password with either username or username@EXAMPLE.COM, even after creating a homedir manually and setting the permissions so the enterprise uid:gid own the folder.



After a reboot, the Enterprise Account disappears from the Users list, and klist cannot find the keyring. I have retried kinit under a user account and root, but no luck after a restart. I then tried editing /etc/krb5.conf and setting my default_ccache_name to a directory under /var/ instead of the KEYRING:persistant, and klist seems to persist after restarts, and my Enterprise account shows up after restarts, but I am unable to log in.



I am not sure how to proceed, if I need to edit krb5.conf, sssd configs, or freeipa configs, or if I need to do something completely different. Any help or suggestions would be greatly appreciated. If any logs should be posted, let me know.







  • Is it solved? Are you able to connect by ssh with the freeipa account?
    – Kevin Lemaire
    Jul 3 at 14:13














asked Apr 27 at 0:22 by zgangwer20
