FreeIPA client on workstations
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have set up a FreeIPA server, and I am having trouble getting my workstations to log in with the enterprise account. I have been Googling my issues for the last 3 hours or so, but no luck.
I have have my IPA server running on Fedora 27 Server, with the DNS set up as well. I have 2 Fedora Workstation machines, one a desktop, the other a laptop. I installed freeipa-client
, set my DNS to my ipa-server
and ipa-client-install --mkhomedir --force-ntpd
ran with no errors. I ran kinit admin
and klist
shows the expected output.
I then went to the the Users GUI in the Gnome Settings, and went through the Enterprise Account set up. When I logged out, I could see the FreeIPA account in GDM, but I get prompted for username after selecting it, and then I cannot log in with the correct password with either username
or username@EXAMPLE.COM
, and even after creating a homedir manually and setting the permissions so the enterprise uid:gid own the folder.
After a reboot, the Enterprise Account disappears from the Users list, and klist
cannot find the keyring. I have retried kinit
under a user account and root, but not luck after a restart. I then tried editing /etc/krb5.conf
and setting my default_ccache_name
to a directory under /var/
instead of the KEYRING:persistant
, and klist
seems to persist after restarts, and my Enterprise account shows up after restarts, but I am unable to log in.
I am not sure how to proceed, if I need to edit krb5.conf, sssd configs, or freeipa configs, or if I need to do something completely different. Any help or suggestions would be greatly appreciated. If any logs should be posted, let me know.
fedora gnome3 kerberos sssd freeipa
add a comment |Â
up vote
0
down vote
favorite
I have set up a FreeIPA server, and I am having trouble getting my workstations to log in with the enterprise account. I have been Googling my issues for the last 3 hours or so, but no luck.
I have have my IPA server running on Fedora 27 Server, with the DNS set up as well. I have 2 Fedora Workstation machines, one a desktop, the other a laptop. I installed freeipa-client
, set my DNS to my ipa-server
and ipa-client-install --mkhomedir --force-ntpd
ran with no errors. I ran kinit admin
and klist
shows the expected output.
I then went to the the Users GUI in the Gnome Settings, and went through the Enterprise Account set up. When I logged out, I could see the FreeIPA account in GDM, but I get prompted for username after selecting it, and then I cannot log in with the correct password with either username
or username@EXAMPLE.COM
, and even after creating a homedir manually and setting the permissions so the enterprise uid:gid own the folder.
After a reboot, the Enterprise Account disappears from the Users list, and klist
cannot find the keyring. I have retried kinit
under a user account and root, but not luck after a restart. I then tried editing /etc/krb5.conf
and setting my default_ccache_name
to a directory under /var/
instead of the KEYRING:persistant
, and klist
seems to persist after restarts, and my Enterprise account shows up after restarts, but I am unable to log in.
I am not sure how to proceed, if I need to edit krb5.conf, sssd configs, or freeipa configs, or if I need to do something completely different. Any help or suggestions would be greatly appreciated. If any logs should be posted, let me know.
fedora gnome3 kerberos sssd freeipa
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have set up a FreeIPA server, and I am having trouble getting my workstations to log in with the enterprise account. I have been Googling my issues for the last 3 hours or so, but no luck.
I have have my IPA server running on Fedora 27 Server, with the DNS set up as well. I have 2 Fedora Workstation machines, one a desktop, the other a laptop. I installed freeipa-client
, set my DNS to my ipa-server
and ipa-client-install --mkhomedir --force-ntpd
ran with no errors. I ran kinit admin
and klist
shows the expected output.
I then went to the the Users GUI in the Gnome Settings, and went through the Enterprise Account set up. When I logged out, I could see the FreeIPA account in GDM, but I get prompted for username after selecting it, and then I cannot log in with the correct password with either username
or username@EXAMPLE.COM
, and even after creating a homedir manually and setting the permissions so the enterprise uid:gid own the folder.
After a reboot, the Enterprise Account disappears from the Users list, and klist
cannot find the keyring. I have retried kinit
under a user account and root, but not luck after a restart. I then tried editing /etc/krb5.conf
and setting my default_ccache_name
to a directory under /var/
instead of the KEYRING:persistant
, and klist
seems to persist after restarts, and my Enterprise account shows up after restarts, but I am unable to log in.
I am not sure how to proceed, if I need to edit krb5.conf, sssd configs, or freeipa configs, or if I need to do something completely different. Any help or suggestions would be greatly appreciated. If any logs should be posted, let me know.
fedora gnome3 kerberos sssd freeipa
I have set up a FreeIPA server, and I am having trouble getting my workstations to log in with the enterprise account. I have been Googling my issues for the last 3 hours or so, but no luck.
I have have my IPA server running on Fedora 27 Server, with the DNS set up as well. I have 2 Fedora Workstation machines, one a desktop, the other a laptop. I installed freeipa-client
, set my DNS to my ipa-server
and ipa-client-install --mkhomedir --force-ntpd
ran with no errors. I ran kinit admin
and klist
shows the expected output.
I then went to the the Users GUI in the Gnome Settings, and went through the Enterprise Account set up. When I logged out, I could see the FreeIPA account in GDM, but I get prompted for username after selecting it, and then I cannot log in with the correct password with either username
or username@EXAMPLE.COM
, and even after creating a homedir manually and setting the permissions so the enterprise uid:gid own the folder.
After a reboot, the Enterprise Account disappears from the Users list, and klist
cannot find the keyring. I have retried kinit
under a user account and root, but not luck after a restart. I then tried editing /etc/krb5.conf
and setting my default_ccache_name
to a directory under /var/
instead of the KEYRING:persistant
, and klist
seems to persist after restarts, and my Enterprise account shows up after restarts, but I am unable to log in.
I am not sure how to proceed, if I need to edit krb5.conf, sssd configs, or freeipa configs, or if I need to do something completely different. Any help or suggestions would be greatly appreciated. If any logs should be posted, let me know.
fedora gnome3 kerberos sssd freeipa
asked Apr 27 at 0:22
zgangwer20
11
11
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13
add a comment |Â
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440309%2ffreeipa-client-on-workstations%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Is it solved? Are you able to connect by ssh with the freeipa account?
â Kevin Lemaire
Jul 3 at 14:13