how to debug sssd

Eric Doutreleau Eric.Doutreleau at it-sudparis.eu
Wed Nov 25 17:03:48 UTC 2009 

i m trying to setup sssd on a fedora 12 machine

i m carefully following the instructions of this page

https://fedorahosted.org/sssd/wiki/HOWTO_Configure

then i m trying to configure the LOCAL provider.

first of all on this page it wasn't written which pam file i should modify
as i make the test with sshd i have modify the password-auth-ac file as 
it is mentionned.

here it is

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok 
try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in 
crond quiet use_uid
session     sufficient    pam_sss.so
session     required      pam_unix.so



i create my local user glupglup
but when i try to ssh i got the following message

ssh glupglup at localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is bc:78:fe:ef:4d:e3:93:10:cc:ff:7e:e6:75:a4:25:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
glupglup at localhost's password:
Connection closed by ::1


i look in the /var/log/secure file
i have
Nov 25 18:00:16 localhost unix_chkpwd[26069]: check pass; user unknown
Nov 25 18:00:16 localhost unix_chkpwd[26069]: password check failed for 
user (glupglup)
Nov 25 18:00:16 localhost sshd[26067]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=157.159.21.158  user=glupglup
Nov 25 18:00:16 localhost sshd[26067]: pam_sss(sshd:auth): 
authentication success; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=157.159.21.158 user=glupglup
Nov 25 18:00:16 localhost unix_chkpwd[26070]: could not obtain user info 
(glupglup)
Nov 25 18:00:16 localhost sshd[26067]: pam_sss(sshd:account): 
authentication success; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=157.159.21.158 user=glupglup
Nov 25 18:00:16 localhost sshd[26067]: Failed password for glupglup from 
157.159.21.158 port 35169 ssh2
Nov 25 18:00:16 localhost sshd[26068]: fatal: Access denied for user 
glupglup by PAM account configuration

Has someone already succed in configuring sssd?

More information about the fedora-list mailing list