Hi,
No probs in Ubuntu 22.04.1, that's for sure. Ever tried with the real thing?
SH
On 25/08/2022 07:41, Ranbir via FreeIPA-users wrote:
Hello All,
Has anyone successfully enrolled an Ubuntu 22 client into an AlmaLinux
9 IdM or Rocky Linux 9 IdM domain in a trust with AD _and_ managed to
have consistently fast and reliable logins into that Ubuntu 22 client
with AD users? I sure haven't.
I have been smashing my head into a wall trying to get stupid Ubuntu 22
to work. After enabling debug_level 9, I managed to figure out that my
test client was missing the krb5-pkinit package so I installed that. I
also noticed errors in sssd_pac.log about the backend being offline. I
eventually figured out that I needed to add "services = pac" to the
client's sssd.conf. Note: I had removed the services line because in
Ubuntu 22, the various services are instead started as needed via their
sockets (e.g. sssd-autofs.socket, sssd-nss.socket, etc.). If you leave
them defined in the services line, you get tons of errors during system
startup.
I've resolved those errors, but I'm still seeing extremely slow logins
when it works. Usually, the login just fails. However, if I log in as
root and look up AD users, they are found and returned to the terminal.
The sssd.conf from the client running sssd 2.6.3 is below. If anyone
has any pointers, please send them over. I wish I didn't have to get
Ubuntu 22 clients working with freeipa, but I do. :(
[domain/idm.domain.com]
id_provider = ipa
ipa_server = _srv_, p1idma01.idm.domain.com
ipa_domain = idm.domain.com
ipa_hostname = u22test.idm.domain.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
ldap_deref_threshold = 0
krb5_store_password_if_offline = True
selinux_provider = none
sudo_provider = ipa
autofs_provider = ipa
subdomains_provider = ipa
session_provider = ipa
hostid_provider = ipa
ipa_automount_location = yow
debug_level = 9
[domain/idm.domain.com/corp.ad.domain.com]
ad_site = ottawa
[sssd]
#services = nss, pam, ssh, sudo, autofs
services = pac
domains = idm.domain.com
debug_level = 9
[nss]
default_shell = /bin/bash
homedir_substring = /home
debug_level = 9
[pam]
debug_level = 9
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[session_recording]
--
Me worry? That's why my first CD was Peter Gabriel SO....
Sami Hulkko
sahulkko(a)gmail.com
sahulkko(a)icloud.com
samihulkko(a)quantum-black-hole.com
+358 45 85693 919
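
An added example, not part of either message: a small check for the situation the original post describes, where an SSSD responder is either listed on the `services` line and also socket-activated, or started by neither. The sample configuration is trimmed from the quoted one, and the list of enabled socket units is constructed (an assumption about the client, not data from the thread).

```python
import configparser

# Responders named in the post; other SSSD responders are left out here.
RESPONDERS = ("nss", "pam", "ssh", "sudo", "autofs", "pac")

# Constructed sample, trimmed from the configuration quoted in the post.
SAMPLE_CONF = """\
[domain/idm.domain.com]
id_provider = ipa

[sssd]
#services = nss, pam, ssh, sudo, autofs
services = pac
domains = idm.domain.com
"""

# Constructed sample: socket units assumed to be enabled on the client,
# e.g. gathered with `systemctl list-unit-files 'sssd-*.socket'`.
SAMPLE_SOCKETS = ["sssd-nss.socket", "sssd-pam.socket", "sssd-ssh.socket",
                  "sssd-sudo.socket", "sssd-autofs.socket"]


def explicit_services(conf_text):
    """Return the responders listed on the [sssd] services line."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "services", fallback="")
    return [s.strip() for s in raw.split(",") if s.strip()]


def responder_start_modes(conf_text, socket_units):
    """Map each responder to 'explicit', 'socket', 'both' or 'none'."""
    listed = set(explicit_services(conf_text))
    sockets = {u[len("sssd-"):-len(".socket")] for u in socket_units
               if u.startswith("sssd-") and u.endswith(".socket")}
    modes = {}
    for name in RESPONDERS:
        if name in listed and name in sockets:
            modes[name] = "both"      # defined twice; the post reports startup errors
        elif name in listed:
            modes[name] = "explicit"
        elif name in sockets:
            modes[name] = "socket"
        else:
            modes[name] = "none"      # nothing configured to start this responder
    return modes


if __name__ == "__main__":
    for name, mode in responder_start_modes(SAMPLE_CONF, SAMPLE_SOCKETS).items():
        print(f"{name:8} {mode}")
```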