I get crazy. I can login to the client with AD passwd but it seems that have no right credentials to access automounted homedir . But I can access homedir on the server as owner of homedir. Both, have the same sssd.conf, krb5.conf
My configuration allows for accessing nfs share on machine level but not on user level on the client at least..
On nfs4+krb client: ====================== Ssh longina@jedi
Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ cd /home/longina -bash: cd: /home/longina: Permission denied longina@jedi:/$ ----------------------------- root@jedi:~# less /proc/mounts proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 ....... ....... systemd /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0 /etc/auto.home /home autofs rw,relatime,fd=12,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0 /etc/auto.msshare /Mshare autofs rw,relatime,fd=18,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0 gvfsd-fuse /run/user/111/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=111,group_id=117 0 0 jota.nat.c.example.org:/nfs4/jota/longina /home/longina nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0 ===============================
On nfs-krb5 server - no problem with accessing homedir for user 'longina': root@jota:~# su - longina longina@jota:/$ cd /nfs4/jota/longina longina@jota:/nfs4/jota/longina$ mkdir created_by_longina_on_jota longina@jota:/nfs4/jota/longina$ ls -l total 12 drwxr-xr-x 2 longina domain users 4096 Mar 12 09:53 created_by_longina_on_jota -rw-r--r-- 1 longina domain users 0 Mar 10 10:21 created_by_long_on_jota drwxr-xr-x 2 longina domain users 4096 Feb 27 13:46 created_on_jota
cat /etc/exports: .... /nfs4/jota 10.80.8.0/24(rw,sync,no_subtree_check,sec=krb5p:krb5i:krb5) ....
Best Longina -----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska Sent: 10. marts 2014 12:59 To: 'dpal@redhat.com'; sssd-users@lists.fedorahosted.org Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
The krb5.conf is configured differently on both machines: on server , is defined one realm, one domain. On client, multidomain, multi realm.
User is from domain/realm known on both machines (NAT.C.EXAMPLE.COM)
Best Longina
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Dmitri Pal Sent: 7. marts 2014 16:32 To: sssd-users@lists.fedorahosted.org Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
On 03/07/2014 06:02 AM, Longina Przybyszewska wrote:
Hi again, The pieces of the automount works almost... ;( My transition step towards getting automount on login with 'autofs' as sssd service, looks like that:
-I can authenticate with sssd and AD as id/access/auth_provider
- can login to machine from login GUI directly into local home
directory /Lshare/long
- here from, using cd /home/long activates automount; Directory is mounted, but user has no permissions to access it
- sssd on client is configured without 'autofs' service (as I have no sign of automount nis-schema In AD, even if there is installed SFU) -nsswitch says : automount: files sss
If you are not using SSSD for delivering the maps then you do not need 'sss' here. But this is not the problem you are seeing.
cat /proc/mounts:
/etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirec t 0 0 /etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0 /etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirec t 0 0 jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto =tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_ lock=none,addr=10.144.4.254 0 0
df -h shows ikke that mount.
Both , client and server run the same version of sssd-1.11.1, and user 'long' is seen as a member of the same groups on both machines.
Does it have same UID/GID on both machines?
If I run as root on client 'cd /home/long', homdir is mounted:
cat /proc/mounts /etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirec t 0 0 /etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0 /etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirec t 0 0 jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto =tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_ lock=none,addr=10.144.4.254 0 0
df -h ... jota.a.domain.com:/nfs4/jota/long 1.8T 2.1G 1.7T 1% /home/long Any ideas ?
Best longina
Med venlig hilsen
Longina Przybyszewska Systemprogrammør, IT-service
Tlf. +45 6550 2359 Mobil +45 6011 2359 Email longina@sdu.dk Web http://www.sdu.dk/ansat/longina Adr. Campusvej 55, 5230 Odense M
SYDDANSK UNIVERSITET _______________________________________________________________ Campusvej 55 * 5230 * Odense M * Tlf. +45 6550 1000 * www.sdu.dk
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska Sent: 27. februar 2014 16:56 To: 'End-user discussions about the System Security Services Daemon' Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd problem
Hi, Ubuntu Saucy nfs4+krb+sssd server Ubuntu Trusty client,sssd+autofs
I can manually mount directory (nfs4+krb) as root on the client.
Is it possible on client, use SSSD with autofs service, with automounter referring to the flat files , /etc/auto.master ,/etc/auto.home, not to ldap?
How can I check if autofs delivered with distribution supports sssd?
Best longina
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek Sent: 20. februar 2014 13:48 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
Created BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1067423
attached is a patch resolving the issue. Ondrej ________________________________________ From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Simo Sorce [simo@redhat.com] Sent: Wednesday, February 19, 2014 7:35 PM To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
On Wed, 2014-02-19 at 15:04 +0000, Ondrej Valousek wrote:
Hi Simo,
I are you getting on about this with Steve?
This is the current situation: <steved> simo: post a patch with what you want and lets talk about it....
:-)
Would it be better to open a RFE for this? I would like to know where we are standing - whether there is any chance that RHEL6 will be fixed or it would only go to RHEL 7.
An RFE for RHEL7 would be nice.
Simo.
-- Simo Sorce * Red Hat, Inc * New York
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-- Thank you, Dmitri Pal
Sr. Engineering Manager for IdM portfolio Red Hat Inc.
------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I get crazy. I can login to the client with AD passwd but it seems that have no right credentials to access automounted homedir . But I can access homedir on the server as owner of homedir. Both, have the same sssd.conf, krb5.conf
My configuration allows for accessing nfs share on machine level but not on user level on the client at least..
On nfs4+krb client:
Ssh longina@jedi
Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ cd /home/longina -bash: cd: /home/longina: Permission denied
How are you remote logging in? Is this with a password, ssh key, or kerberos credential?
I assume a klist run on jedi shows you have no credential?
jh
I login from GUI (lightdm) and ssh with AD passwd - in both cases no permissions. SSh allows me to login to "/". GUI throw my away.
I use AD as provider for everything Ssh jedi.nat.c.example.com Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied longina@jedi:/$ klist Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu Default principal: longina@NAT.C.EXAMPLE.ORG
Valid starting Expires Service principal 03/12/2014 11:27:21 03/12/2014 21:27:21 krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 03/12/2014 11:27:22 03/12/2014 21:27:21 nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 longina@jedi:/$
Med venlig hilsen
Longina Przybyszewska Systemprogrammør, IT-service
Tlf. +45 6550 2359 Mobil +45 6011 2359 Email longina@sdu.dk Web http://www.sdu.dk/ansat/longina Adr. Campusvej 55, 5230 Odense M
SYDDANSK UNIVERSITET _______________________________________________________________ Campusvej 55 * 5230 * Odense M * Tlf. +45 6550 1000 * www.sdu.dk -----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of John Hodrien Sent: 12. marts 2014 11:25 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] no permission -sssd-1.11.1 Trusty automount nfs4+krb
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I get crazy. I can login to the client with AD passwd but it seems that have no right credentials to access automounted homedir . But I can access homedir on the server as owner of homedir. Both, have the same sssd.conf, krb5.conf
My configuration allows for accessing nfs share on machine level but not on user level on the client at least..
On nfs4+krb client:
Ssh longina@jedi
Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ cd /home/longina -bash: cd: /home/longina: Permission denied
How are you remote logging in? Is this with a password, ssh key, or kerberos credential?
I assume a klist run on jedi shows you have no credential?
jh _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I login from GUI (lightdm) and ssh with AD passwd - in both cases no permissions. SSh allows me to login to "/". GUI throw my away.
I use AD as provider for everything Ssh jedi.nat.c.example.com Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied longina@jedi:/$ klist Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu Default principal: longina@NAT.C.EXAMPLE.ORG
Valid starting Expires Service principal 03/12/2014 11:27:21 03/12/2014 21:27:21 krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 03/12/2014 11:27:22 03/12/2014 21:27:21 nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 longina@jedi:/$
Your principal is what you expect, you're getting a service principal for what you expect to be connecting to, but you're getting permission denied at the far end.
rpc.idmapd issues on the server?
Have you run that with debugging and seen what it's up to?
jh
Right.
From server: root@jota:/home/alongina# rpc.idmapd -f -vvv rpc.idmapd: libnfsidmap: using domain: nat.c.example.com rpc.idmapd: libnfsidmap: Realms list: 'NAT.C.EXAMPLE.COM' rpc.idmapd: libnfsidmap: processing 'Method' list rpc.idmapd: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/nsswitch.so for method nsswitch
rpc.idmapd: Expiration time is 600 seconds. rpc.idmapd: Opened /proc/net/rpc/nfs4.nametoid/channel rpc.idmapd: Opened /proc/net/rpc/nfs4.idtoname/channel rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user rpc.idmapd: Server : (user) id "0" -> name "root@nat.c.example.com" rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group rpc.idmapd: Server : (group) id "0" -> name "root@nat.c.example.com" rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user rpc.idmapd: Server : (user) id "1000" -> name "alongina@nat.c.example.com" rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group rpc.idmapd: Server : (group) id "1000" -> name "alongina@nat.c.example.com" rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user rpc.idmapd: Server : (user) id "332405654" -> name "longina@nat.c.example.com" rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group rpc.idmapd: Server : (group) id "332400513" -> name "domain users@nat.c.example.com"
Best/Mange hilsner Longina
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of John Hodrien Sent: 12. marts 2014 11:54 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] no permission -sssd-1.11.1 Trusty automount nfs4+krb
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I login from GUI (lightdm) and ssh with AD passwd - in both cases no permissions. SSh allows me to login to "/". GUI throw my away.
I use AD as provider for everything Ssh jedi.nat.c.example.com Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied longina@jedi:/$ klist Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu Default principal: longina@NAT.C.EXAMPLE.ORG
Valid starting Expires Service principal 03/12/2014 11:27:21 03/12/2014 21:27:21 krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 03/12/2014 11:27:22 03/12/2014 21:27:21 nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 longina@jedi:/$
Your principal is what you expect, you're getting a service principal for what you expect to be connecting to, but you're getting permission denied at the far end.
rpc.idmapd issues on the server?
Have you run that with debugging and seen what it's up to?
jh _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Interesting information from debugging 'rpc.gssd' running on client: Do I need special principal for user 'longina' accessing nfs share? ======================================================= jedi rpc.gssd[487]: handling gssd upcall (/run/rpc_pipefs/nfs/clnt8)
jedi rpc.gssd[487]: handle_gssd_upcall: 'mech=krb5 uid=332405654 enctypes=18,17,16,23,3,1,2 ' jedi rpc.gssd[487]: handling krb5 upcall (/run/rpc_pipefs/nfs/clnt8) jedi rpc.gssd[487]: process_krb5_upcall: service is '<null>' jedi rpc.gssd[487]: creating context using fsuid 332405654 (save_uid 0) jedi rpc.gssd[487]: creating tcp client for server jota.nat.c.example.com jedi rpc.gssd[487]: DEBUG: port already set to 2049 jedi rpc.gssd[487]: creating context with server nfs@jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: getting credentials for client with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: CC '/tmp/krb5cc_332405654_nRduU6' being considered, with preferred realm 'NAT.C.EXAMPLE.COM' jedi rpc.gssd[487]: CC 'FILE:/tmp/krb5cc_332405654_nRduU6'(longina@NAT.C.EXAMPLE.COM) passed all checks and has mtime of 139\ 4639897 jedi rpc.gssd[487]: CC '/tmp/krb5ccmachine_NAT.C.EXAMPLE.COM' being considered, with preferred realm 'NAT.C.EXAMPLE.COM' jedi rpc.gssd[487]: CC '/tmp/krb5ccmachine_NAT.C.EXAMPLE.COM' owned by 0, not 332405654 jedi rpc.gssd[487]: using FILE:/tmp/krb5cc_332405654_nRduU6 as credentials cache for client with uid 332405654 for server jo\ ta.nat.c.example.com jedi rpc.gssd[487]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_332405654_nRduU6 jedi rpc.gssd[487]: creating context using fsuid 332405654 (save_uid 0) jedi rpc.gssd[487]: creating tcp client for server jota.nat.c.example.com jedi rpc.gssd[487]: DEBUG: port already set to 2049 jedi rpc.gssd[487]: creating context with server nfs@jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: getting credentials for client with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: doing error downcallaccessing homedir?
jedi rpc.gssd[487]: handling gssd upcall (/run/rpc_pipefs/nfs/clnt8) jedi rpc.gssd[487]: handle_gssd_upcall: 'mech=krb5 uid=332405654 enctypes=18,17,16,23,3,1,2 ' jedi rpc.gssd[487]: handling krb5 upcall (/run/rpc_pipefs/nfs/clnt8) jedi rpc.gssd[487]: process_krb5_upcall: service is '<null>' jedi rpc.gssd[487]: creating context using fsuid 332405654 (save_uid 0) jedi rpc.gssd[487]: creating tcp client for server jota.nat.c.example.com jedi rpc.gssd[487]: DEBUG: port already set to 2049 jedi rpc.gssd[487]: creating context with server nfs@jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: getting credentials for client with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: CC '/tmp/krb5cc_332405654_nRduU6' being considered, with preferred realm 'NAT.C.EXAMPLE.COM' jedi rpc.gssd[487]: CC 'FILE:/tmp/krb5cc_332405654_nRduU6'(longina@NAT.C.EXAMPLE.COM) passed all checks and has mtime of 139\ 4639897 jedi rpc.gssd[487]: CC '/tmp/krb5ccmachine_NAT.C.EXAMPLE.COM' being considered, with preferred realm 'NAT.C.EXAMPLE.COM' jedi rpc.gssd[487]: CC '/tmp/krb5ccmachine_NAT.C.EXAMPLE.COM' owned by 0, not 332405654 jedi rpc.gssd[487]: using FILE:/tmp/krb5cc_332405654_nRduU6 as credentials cache for client with uid 332405654 for server jo\ ta.nat.c.example.com jedi rpc.gssd[487]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_332405654_nRduU6 jedi rpc.gssd[487]: creating context using fsuid 332405654 (save_uid 0) jedi rpc.gssd[487]: creating tcp client for server jota.nat.c.example.com jedi rpc.gssd[487]: DEBUG: port already set to 2049 jedi rpc.gssd[487]: creating context with server nfs@jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: getting credentials for client with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: WARNING: Failed to create krb5 context for user with uid 332405654 for server jota.nat.c.example.com jedi rpc.gssd[487]: doing error downcall
Mange hilsner Longina
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of John Hodrien Sent: 12. marts 2014 11:54 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] no permission -sssd-1.11.1 Trusty automount nfs4+krb
On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
I login from GUI (lightdm) and ssh with AD passwd - in both cases no permissions. SSh allows me to login to "/". GUI throw my away.
I use AD as provider for everything Ssh jedi.nat.c.example.com Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org Could not chdir to home directory /home/longina: Permission denied -bash: /home/longina/.bash_profile: Permission denied longina@jedi:/$ klist Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu Default principal: longina@NAT.C.EXAMPLE.ORG
Valid starting Expires Service principal 03/12/2014 11:27:21 03/12/2014 21:27:21 krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 03/12/2014 11:27:22 03/12/2014 21:27:21 nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG renew until 03/13/2014 11:27:21 longina@jedi:/$
Your principal is what you expect, you're getting a service principal for what you expect to be connecting to, but you're getting permission denied at the far end.
rpc.idmapd issues on the server?
Have you run that with debugging and seen what it's up to?
jh _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org
-
John Hodrien -
Longina Przybyszewska