Learn more about these different git repos.
Other Git URLs
Even when SSSD can be run as sssd user, for cross-forest keytabs the validation code expects that keytab is owned by root.
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_server_trust_add_send] (0x1000): Trust direction of subdom adx.test from forest adx.test is: one-way inbound: local domain trusts the remote domain (Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [perform_checks] (0x0020): File must be owned by uid [0]. (Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_check_keytab] (0x0040): Failed to check for /var/lib/sss/keytabs/adx.test.keytab (Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_server_trust_add_1way] (0x0040): Failed to check for keytab: 22 (Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [create_trusts_at_startup_done] (0x0080): ipa_server_create_trusts_send request failed [22]: Invalid argument
FreeIPA 4.2 assumes that sssd wants to run as 'sssd' user and chowns the keytab to sssd:sssd.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13.1 priority: major => blocker
owner: somebody => jhrozek status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
rhbz: => 0
Metadata Update from @abbra: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.13.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3759
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.