'TRIED' vs 'TIRED' I do not do this kind of spelling mistakes. That is
the reason nothing works on your system.
SH
On 25/08/2022 09:42, Sami Hulkko via FreeIPA-users wrote:
Hi,
No probs in Ubuntu 22.04.1 thats for shore. Ever tired with real thing?
SH
On 25/08/2022 07:41, Ranbir via FreeIPA-users wrote:
> Hello All,
>
> Has anyone successfully enrolled an Ubuntu 22 client into an AlmaLinux
> 9 IdM or Rocky Linux 9 IdM domain in a trust with AD _and_ managed to
> have consistently fast and reliable logins into that Ubuntu 22 client
> with AD users? I sure haven't.
>
> I have been smashing my head into a wall trying to get stupid Ubuntu 22
> to work. After enabling debug_level 9, I managed to figure out that my
> test client was missing the krb5-pkinit package so I installed that. I
> also noticed errors in sssd_pac.log about the backend being offline. I
> eventually figured out that I needed to add "services = pac" to the
> client's sssd.conf. Note: I had removed the services line because in
> Ubuntu 22, the various services are instead started as needed via their
> sockets (e.g. sssd-autofs.socket, sssd-nss.socket, etc.). If you leave
> them defined in the services line, you get tons of errors during system
> startup.
>
> I've resolved those errors, but I'm still seeing extremely slow logins
> when it works. Usually, the login just fails. However, if I login as
> root and lookup AD users, they are found and returned to the terminal.
>
> The sssd.conf from the client running sssd 2.6.3 is below. If anyone
> has any pointers, please send them over. I wish I didn't have to get
> Ubuntu 22 clients working with freeipa, but I do. :(
>
>
>
> [
domain/idm.domain.com]
> id_provider = ipa
> ipa_server = _srv_,
p1idma01.idm.domain.com
> ipa_domain =
idm.domain.com
> ipa_hostname =
u22test.idm.domain.com
> auth_provider = ipa
> chpass_provider = ipa
> access_provider = ipa
> cache_credentials = True
> ldap_tls_cacert = /etc/ipa/ca.crt
> ldap_deref_threshold = 0
> krb5_store_password_if_offline = True
> selinux_provider = none
> sudo_provider = ipa
> autofs_provider = ipa
> subdomains_provider = ipa
> session_provider = ipa
> hostid_provider = ipa
> ipa_automount_location = yow
> debug_level = 9
>
> [
domain/idm.domain.com/corp.ad.domain.com]
> ad_site = ottawa
>
> [sssd]
> #services = nss, pam, ssh, sudo, autofs
> services = pac
> domains =
idm.domain.com
> debug_level = 9
>
> [nss]
> default_shell = /bin/bash
> homedir_substring = /home
> debug_level = 9
>
> [pam]
> debug_level = 9
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> [ifp]
>
> [session_recording]
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
Me worry? That's why my first CD was Peter Gabriel SO....
Sami Hulkko
sahulkko(a)gmail.com
sahulkko(a)icloud.com
samihulkko(a)quantum-black-hole.com
+358 45 85693 919