Bug 813884 - 'Error looking up public keys' message shown while doing ssh to ipa-server from ipa-client system
Status: CLOSED DUPLICATE of bug 801719
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.3
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: unspecified
Assigned To: Stephen Gallagher
IDM QE LIST
Reported: 2012-04-18 12:37 EDT by Kaleem
Modified: 2012-06-14 13:13 EDT

Doc Type: Bug Fix
Last Closed: 2012-06-14 13:13:35 EDT
Type: Bug


Description Kaleem 2012-04-18 12:37:00 EDT
Description of problem:
After joining the system successfully as an ipa-client, the following message is shown when I ssh to the ipa-server after kinit:

Error looking up public keys
Last login: Wed Apr 18 21:43:55 2012 from 10.65.201.176
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.1$

Version-Release number of selected component (if applicable):
[root@dhcp201-176 ~]# rpm -q ipa-client
ipa-client-2.2.0-9.el6.x86_64
[root@dhcp201-176 ~]#


How reproducible:
Always

Steps to Reproduce:
1. Install IPA Server
2. Join a system as ipa-client using ipa-client-install

  [root@dhcp201-176 ~]# ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 -U --server=ipa63server.testrelm.com
Discovery was successful!
Hostname: dhcp201-176.englab.pnq.redhat.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: ipa63server.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
Warning: Could not update DNS SSHFP records.
SSSD enabled
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
[root@dhcp201-176 ~]#

3. kinit as admin

   [root@dhcp201-176 ~]# kinit admin
Password for admin@TESTRELM.COM: 
[root@dhcp201-176 ~]#

4. ssh to the ipa-server system.
  
  [root@dhcp201-176 ~]# ssh admin@ipa63server.testrelm.com
Error looking up public keys
Last login: Wed Apr 18 21:43:55 2012 from 10.65.201.176
Could not chdir to home directory /home/admin: No such file or directory
-bash-4.1$

Actual results:
    The following message is shown:
    "Error looking up public keys"

Expected results:
    Message "Error looking up public keys" should not appear while doing ssh to ipa-server.
Comment 2 Rob Crittenden 2012-04-18 15:35:52 EDT
Does the server have an SSHFP key?

Is the server running an IPA-based DNS?

It would be helpful to see the client install log, /var/log/ipaclient-install.log.
Comment 3 Martin Kosek 2012-04-20 07:52:27 EDT
The issue here is that server SSHFP records are only filled when you install IPA via "ipa-server-install --setup-dns" because they are filled as a part of client installation.

When DNS support is installed separately (ipa-dns-install), SSHFP records for the server are not filled and clients connecting to the master will receive an "Error looking up public keys" error. I will open an upstream ticket to fix that.
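
Added example (not part of the original bug report, and not FreeIPA or SSSD code): a way to check the condition Comment 3 describes is to derive the SSHFP records a server's host keys should have (RFC 4255, RFC 6594) and compare them with what the DNS zone publishes. The host key below is constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers from RFC 4255, RFC 6594 and RFC 7479.
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}

def make_constructed_key(key_type, body):
    """Build a host-key line with the right wire framing (constructed, not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-host"

SAMPLE_KEY = make_constructed_key("ssh-rsa", b"\x00" * 16)  # constructed sample input

def sshfp_records(pubkey_line):
    """Return {(algorithm, fp_type, hex_digest)} for one ssh_host_*_key.pub line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed key type that must match the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    algo = ALGO[key_type]
    # Fingerprint type 1 is SHA-1, type 2 is SHA-256, both over the raw key blob.
    return {(algo, 1, hashlib.sha1(blob).hexdigest()),
            (algo, 2, hashlib.sha256(blob).hexdigest())}

def parse_rdata(rdata):
    """Parse SSHFP RDATA text such as '1 1 ABCD...' (hex may be split by spaces)."""
    algo, fp_type, *hex_parts = rdata.split()
    return (int(algo), int(fp_type), "".join(hex_parts).lower())

def audit(pubkey_lines, dns_rdata):
    """Compare expected SSHFP records with the ones actually published in DNS."""
    expected = set().union(*(sshfp_records(line) for line in pubkey_lines))
    published = {parse_rdata(r) for r in dns_rdata}
    return {"missing": expected - published, "stale": published - expected}

if __name__ == "__main__":
    # A zone with no SSHFP records for the server, as in the ipa-dns-install case.
    for algo, fp_type, digest in sorted(audit([SAMPLE_KEY], [])["missing"]):
        print(f"missing: IN SSHFP {algo} {fp_type} {digest}")
```

On a real server, the inputs would be the lines of /etc/ssh/ssh_host_*_key.pub and the SSHFP answers returned by a DNS query for the server's name; a non-empty "stale" set means the zone still advertises fingerprints for keys the host no longer uses.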
Comment 4 Martin Kosek 2012-04-20 07:53:30 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2657
Comment 5 Martin Kosek 2012-06-07 07:28:37 EDT
As discussed with Jan Cholasta, this is a bug on the SSSD side; he plans to have it fixed in the scope of https://fedorahosted.org/sssd/ticket/1356.

Moving this bug to the sssd component.
Comment 6 Jenny Galipeau 2012-06-14 13:13:35 EDT

*** This bug has been marked as a duplicate of bug 801719 ***
