Bug 813884 - 'Error looking up public keys' message shown while doing ssh to ipa-server from ipa-client system
Summary: 'Error looking up public keys' message shown while doing ssh to ipa-server fr...
Keywords:
Status: CLOSED DUPLICATE of bug 801719
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.3
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-04-18 16:37 UTC by Kaleem
Modified: 2020-05-04 10:32 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-14 17:13:35 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2398 0 None None None 2020-05-04 10:32:07 UTC

Description Kaleem 2012-04-18 16:37:00 UTC 
Description of problem:
After joining system successfully as ipa-client, Following message shown when i do ssh to ipa-server after kinit

Error looking up public keys
Last login: Wed Apr 18 21:43:55 2012 from 10.65.201.176
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.1$

Version-Release number of selected component (if applicable):
[root@dhcp201-176 ~]# rpm -q ipa-client
ipa-client-2.2.0-9.el6.x86_64
[root@dhcp201-176 ~]#


How reproducible:
Always

Steps to Reproduce:
1.Install IPA Server
2.Join a system as ipa-client using ipa-client-install

  [root@dhcp201-176 ~]# ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 -U --server=ipa63server.testrelm.com
Discovery was successful!
Hostname: dhcp201-176.englab.pnq.redhat.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: ipa63server.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
Warning: Could not update DNS SSHFP records.
SSSD enabled
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
[root@dhcp201-176 ~]#

3.kinit as admin

   [root@dhcp201-176 ~]# kinit admin
Password for admin: 
[root@dhcp201-176 ~]#

4.ssh to ipa-server system.
  
  [root@dhcp201-176 ~]# ssh admin.com
Error looking up public keys
Last login: Wed Apr 18 21:43:55 2012 from 10.65.201.176
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.1$

Actual results:
    Following message is shown 
    "Error looking up public keys"

Expected results:
    Message "Error looking up public keys" should not appear while doing ssh to ipa-server.
Comment 2 Rob Crittenden 2012-04-18 19:35:52 UTC 
Does the server have an SSHFP key?

Is the server running an IPA-based DNS?

It would be helpful to see the client install log, /var/log/ipaclient-install.log.
Comment 3 Martin Kosek 2012-04-20 11:52:27 UTC 
The issue here is that server SSHFP records are only filled when you install IPA via "ipa-server-install --setup-dns" because they are filled as a part of client installation.

When DNS support is installed separately (ipa-dns-install), SSHFP records for the server are not filled and clients connecting to the master will receive "Error looking up public keys" error. I will open an upstream ticket to fix that.
Comment 4 Martin Kosek 2012-04-20 11:53:30 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2657
Comment 5 Martin Kosek 2012-06-07 11:28:37 UTC 
As discussed with Jan Cholasta, this is a bug on SSSD side, he plans to have it fixed in scope of https://fedorahosted.org/sssd/ticket/1356.

Moving this Bug to sssd component.
Comment 6 Jenny Severance 2012-06-14 17:13:35 UTC 

*** This bug has been marked as a duplicate of bug 801719 ***
Note You need to log in before you can comment on or make changes to this bug.