Learn more about these different git repos.
Other Git URLs
Even when SSSD can be run as sssd user, for cross-forest keytabs the validation code expects that keytab is owned by root.
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_server_trust_add_send] (0x1000): Trust direction of subdom adx.test from forest adx.test is: one-way inbound: local domain trusts the
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [perform_checks] (0x0020): File must be owned by uid .
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_check_keytab] (0x0040): Failed to check for /var/lib/sss/keytabs/adx.test.keytab
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [ipa_server_trust_add_1way] (0x0040): Failed to check for keytab: 22
(Tue Jul 14 07:59:45 2015) [sssd[be[example.com]]] [create_trusts_at_startup_done] (0x0080): ipa_server_create_trusts_send request failed : Invalid argument
FreeIPA 4.2 assumes that sssd wants to run as 'sssd' user and chowns the keytab to sssd:sssd.
milestone: NEEDS_TRIAGE => SSSD 1.13.1
priority: major => blocker
owner: somebody => jhrozek
status: new => assigned
patch: 0 => 1
resolution: => fixed
status: assigned => closed
rhbz: => 0
Metadata Update from @abbra:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.13.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.