Ranbir via FreeIPA-users wrote:
On Fri, 2022-06-10 at 08:53 -0400, Rob Crittenden via FreeIPA-users
> Are the clients also running Rocky?
The first two clients are running Rocky Linux 8 and Centos 7. The Rocky
system is brand new, while the CentOS 7 server was using NIS before.
I've successfully done NIS to ipa swaps before.
And which one isn't working? And what release? Knowing the version is
often very important for troubleshooting.
> This means that SSSD can't look up users. Follow standard SSSD
> troubleshooting for more information.
How do you do that during the client setup? The problem is reported
during the install.
Do what? Client setup and client install here seem to be equivalent
statements. As I said, in this case the client remains fully configured,
expecting that the failure was transient. So you can debug away with a
fully configured client.
At the end of ipa-client-install a call to getent passwd admin is done
to ensure that SSSD is up and working. If that fails then there is
> The lookup failure isn't treated as fatal in case it is a
> network issue. This also leaves the system more available for
The problem is also that /etc/nsswitch.conf isn't being updated. Does
the client install use /etc/nsswitch.conf after it's supposed to get
updated to use sssd for lookups?
You need to look in /var/log/ipaclient-install.log to see what it's doing.
RHEL 7 uses authconfig, RHEL 8 authselect, to configure the PAM stack.
It's possible that some previous config is conflicting. The log may tell