If you see the following while joining a CentOS 7.3 or 7.4 based Linux server to the central account manager (FreeIPA / IPA):
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin@localdomain.net'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
Configured /etc/
you will run into an error. This is a bug that has been fixed in Scientific Linux and Red Hat, but the fix does not appear to have made it into CentOS.
The fix is to make /etc/sssd/sssd.conf readable and writable only by its owner, then restart SSSD:
chmod 600 /etc/sssd/sssd.conf
systemctl restart sssd
[root@cnode002 ~]# ipa-client-install
Discovery was successful!
Client hostname: cnode002.localdomain.net
Realm: localdomain.net
DNS Domain: localdomain.net
IPA Server: headnode.localdomain.net
BaseDN: dc=hpc,dc=localdomain,dc=lan,dc=tr
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
Attempting to sync time using ntpd. Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for admin@localdomain.net:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=localdomain.net
Issuer: CN=Certificate Authority,O=localdomain.net
Valid From: 2017-09-23 14:03:23
Valid Until: 2037-09-23 14:03:23
Enrolled in IPA realm localdomain.net
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm localdomain.net
trying https://headnode.localdomain.net/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://headnode.localdomain.net/ipa/json'
trying https://headnode.localdomain.net/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://headnode.localdomain.net/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://headnode.hpc.localdomain.lan.tr/ipa/session/json'
Systemwide CA database updated.
Hostname (cnode002.localdomain.net) does not have A/AAAA record.
Missing reverse record(s) for address(es): 10.111.1.2.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://headnode.hpc.localdomain.lan.tr/ipa/session/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin@localdomain.net'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring localdomain.net as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
[root@cnode002 ~]# ls -la /etc/sssd/
total 16
drwx--x--x+ 3 sssd sssd 35 Sep 24 11:26 .
drwxr-xr-x+ 111 root root 8192 Sep 24 11:26 ..
drwx--x--x+ 2 sssd sssd 6 Sep 7 05:18 conf.d
-rw-r--r-- 1 root root 489 Sep 24 11:26 sssd.conf
[root@cnode002 ~]# chmod 600 /etc/sssd/sssd.conf
[root@cnode002 ~]# systemctl restart sssd
[root@cnode002 ~]# id admin
uid=1234000000(admin) gid=1234000000(admins) groups=1234000000(admins)
[root@cnode002 ~]#
[root@cnode002 ~]# systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/sssd.service.d
└─journal.conf
Active: active (running) since Sun 2017-09-24 11:27:37 +03; 8min ago
Main PID: 2612 (sssd)
CGroup: /system.slice/sssd.service
├─2612 /usr/sbin/sssd -i -f
├─2614 /usr/libexec/sssd/sssd_be --domain hpc.localdomain.lan --uid 0 --gid 0 --debug-to-files
├─2615 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
├─2616 /usr/libexec/sssd/sssd_sudo --uid 0 --gid 0 --debug-to-files
├─2617 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
├─2618 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0 --debug-to-files
└─2619 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files
Sep 24 11:27:37 cnode002 sssd[nss][2615]: Starting up
Sep 24 11:27:37 cnode002 sssd[pac][2619]: Starting up
Sep 24 11:27:37 cnode002 sssd[pam][2617]: Starting up
Sep 24 11:27:37 cnode002 sssd[sudo][2616]: Starting up
Sep 24 11:27:37 cnode002 sssd[ssh][2618]: Starting up
Sep 24 11:27:37 cnode002 sssd_be[2614]: GSSAPI client step 1
Sep 24 11:27:37 cnode002 sssd_be[2614]: GSSAPI client step 1
Sep 24 11:27:37 cnode002 sssd_be[2614]: GSSAPI client step 1
Sep 24 11:27:37 cnode002 sssd_be[2614]: GSSAPI client step 2
Sep 24 11:27:37 cnode002 systemd[1]: Started System Security Services Daemon.
[root@cnode002 ~]#
[root@cnode002 ~]# id admin
uid=1234000000(admin) gid=1234000000(admins) groups=1234000000(admins)
[root@cnode002 ~]#
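The manual fix above can be turned into an idempotent check that runs after ipa-client-install on every node. This is an added example, not part of the original post: the function names are hypothetical, and it assumes GNU stat (as on CentOS 7) and that the file must be mode 600 and owned by uid 0, as in the session above.

```shell
#!/bin/sh
# Added example: audit and repair /etc/sssd/sssd.conf permissions, and
# restart SSSD only when something was actually changed.

# Print "<octal mode> <owner uid>" for a file (GNU stat syntax).
conf_perms() {
    stat -c '%a %u' "$1"
}

# Return 0 if the file is mode 600 and owned by the expected uid (default 0).
# Return 2 if the file does not exist.
conf_is_safe() {
    path=$1; owner=${2:-0}
    [ -f "$path" ] || return 2
    [ "$(conf_perms "$path")" = "600 $owner" ]
}

# Bring the file to mode 600 / expected owner. Sets CHANGED=1 if it had to
# modify anything, CHANGED=0 if the file was already compliant.
fix_conf() {
    path=$1; owner=${2:-0}
    CHANGED=0
    [ -f "$path" ] || { echo "missing: $path" >&2; return 2; }
    if conf_is_safe "$path" "$owner"; then return 0; fi
    echo "fixing $path (was: $(conf_perms "$path"))" >&2
    [ "$(stat -c '%u' "$path")" = "$owner" ] || chown "$owner" "$path" || return 1
    chmod 600 "$path" || return 1
    CHANGED=1
    conf_is_safe "$path" "$owner"
}

# Repair the config, restart SSSD if needed, and report whether it is running.
ensure_sssd() {
    conf=${1:-/etc/sssd/sssd.conf}
    fix_conf "$conf" || return $?
    if [ "$CHANGED" -eq 1 ]; then
        systemctl restart sssd || return 1
    fi
    systemctl is-active --quiet sssd
}

# Only touch the system when explicitly asked to: ./script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_sssd
fi
```

Run it as root with --apply; a successful exit status means the file is compliant and sssd is active, after which id admin should resolve as in the session above.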