[Freeipa-devel] ipa-adduser stopped working after IPA 1.1 upgrade, any idea why?
Rob Crittenden
rcritten at redhat.com
Fri Jul 11 15:53:18 UTC 2008
Thomas Sailer wrote:
> I installed an Fedora 8 IPA server just before IPA 1.0, and upgraded it
> using yum ever since. Now, after the upgrade to IPA 1.1, ipa-adduser
> stopped working.
>
> The ipa-* command line tools basically work:
> # ipa-finduser t.sailer
> Full Name: Thomas Sailer
> Home Directory: /home/t.sailer
> Login Shell: /bin/bash
> Login: t.sailer
>
> However, when I try to add a new user, I get the following:
> # ipa-adduser -f Test -l User testuser
> * not found
>
> I get the same error message when I try to add a new user in the web
> gui.
I think we'll need to see the LDAP access log to see what is going on.
You'll find it in /var/log/dirsrv/slapd-YOURINSTANCE/access. Just a 20
or 30 line snippet should be fine.
> Another problem I have is that after I add a new user, and then try to
> log into a machine, no matter whether using gdm or ssh, I can login, and
> I even get the correct default principal (verified using klist), but the
> user cannot access NFSv4 shares with sec=krb5p. If I then do kdestroy;
> kinit xx at XX.COM, logout, and login again, everything works. Why doesn't
> it work the first time, without the kdestroy; kinit thing?
Not really sure. I'd look in the KDC log (/var/log/krb5kdc) to see if
something is being denied.
Can you do a klist on the user to see if they got a service ticket for nfs?
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080711/97633dfa/attachment.bin>
More information about the Freeipa-devel
mailing list