<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">Hello community,
I have problems with FreeIPA-client configuration on OpenSUSE
12.2, and I think I can't fix it without your help. I have
following errors in my /var/log/messages, when I try login in by
freeipa account:</span><br>
<small><br>
############################################################<br>
Dec 2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from
192.168.0.159<br>
Dec 2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request:
invalid user admin [preauth]<br>
Dec 2 18:21:24 linux-l3wy sssd_be: No worthy mechs found<br>
Dec 2 18:21:24 linux-l3wy sshd[12481]: Postponed
keyboard-interactive for invalid user admin from 192.168.0.159
port 38175 ssh2 [preauth]<br>
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=192.168.0.159 user=admin<br>
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth):
received for user admin: 10 (User not known to the underlying
authentication module)<br>
Dec 2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not
known to the underlying authentication module for illegal user
admin from 192.168.0.159<br>
Dec 2 18:21:41 linux-l3wy sshd[12481]: Failed
keyboard-interactive/pam for invalid user admin from
192.168.0.159 port 38175 ssh2<br>
Dec 2 18:21:41 linux-l3wy sshd[12481]: Postponed
keyboard-interactive for invalid user admin from 192.168.0.159
port 38175 ssh2 [preauth]<br>
Dec 2 18:21:50 linux-l3wy sshd[12481]: Connection closed by
192.168.0.159 [preauth]</small>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<br>
<small>############################################################</small><br>
<br>
About client configuration:<br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">My installed
packages</span><br style="color: rgb(51, 51, 51); font-family:
Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size:
13px; font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal; orphans:
auto; text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254);">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">sssd-ldap-1.11.2-110.6.x86_64</span><br
style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254);">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">sssd-ipa-1.11.2-110.6.x86_64</span><br
style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254);">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">sssd-1.11.2-110.6.x86_64</span><br
style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254);">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">sssd-tools-1.11.2-110.6.x86_64</span><br
style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254);">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">sssd-krb5-common-1.11.2-110.6.x86_64<br>
<br>
</span><br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<b><i><span style="color: rgb(51, 51, 51); font-family: Verdana,
Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(254, 254, 254); display: inline
!important; float: none;">/etc/sss</span></i></b><b><i><span
style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(254, 254, 254); display: inline
!important; float: none;">d/sssd.conf:</span></i></b><br>
<small>############################################################</small>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<small><br>
[domain/example.com]<br>
cache_credentials = True<br>
krb5_store_password_if_offline = True<br>
ipa_domain = example.com<br>
id_provider = ipa<br>
auth_provider = ipa<br>
access_provider = ipa<br>
ipa_hostname = client1.example.com<br>
chpass_provider = ipa<br>
ipa_server = _srv_, ipa.example.com<br>
ldap_tls_cacert = /etc/ipa/ca.crt<br>
<br>
[sssd]<br>
services = nss, pam, ssh<br>
config_file_version = 2<br>
domains = example.com</small><br>
<small>debug_level=9</small><small><br>
############################################################</small><br>
<br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<span style="color: rgb(51, 51, 51); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(254, 254,
254); display: inline !important; float: none;">/etc/krb5.conf:<br>
</span><small>############################################################<br>
[libdefaults]<br>
default_realm = EXAMPLE.COM<br>
#dns_lookup_realm = false<br>
#dns_lookup_kdc = false<br>
dns_lookup_realm = true<br>
dns_lookup_kdc = true<br>
rdns = false<br>
ticket_lifetime = 24h<br>
forwardable = yes<br>
#allow_weak_crypto = true<br>
<br>
[realms]<br>
example.COM = {<br>
pkinit_anchors = <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="FILE:/etc/ipa/ca.crt">FILE:/etc/ipa/ca.crt</a><br>
#kdc = ipa.example.com:88<br>
#admin_server = ipa.example.com:749<br>
#default_domain = example.com<br>
}<br>
<br>
[domain_realm]<br>
.example.com = example.COM<br>
example.com = example.COM<br>
<br>
[logging]<br>
default = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="FILE:/var/log/krb5libs.log">FILE:/var/log/krb5libs.log</a><br>
kdc = <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="FILE:/var/log/krb5kdc.log">FILE:/var/log/krb5kdc.log</a><br>
admin_server = <a moz-do-not-send="true"
class="moz-txt-link-freetext" href="FILE:/var/log/kadmind.log">FILE:/var/log/kadmind.log</a><br>
</small><small>############################################################</small><br>
<br>
<small>P.S. Thank you for your time, and sorry for my English.</small><br>
<pre class="moz-signature" cols="72">--
Sergey Prokhorov
System Engineer
e-mail: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sprokhorov@intech-global.com">sprokhorov@intech-global.com</a> </pre>
<br>
</div>
<br>
</body>
</html>