[Freeipa-users] Fedora 13 client login problems
Dan Scott
danieljamesscott at gmail.com
Mon Jun 28 16:14:51 UTC 2010
Hello,
I've just installed a new Fedora 13 client and configured it to use
FreeIPA. During ipa-client install, I received the following error:
nss_ldap is not able to use DNS discovery! However, the /etc/ldap.conf
and /etc/krb5.conf appear to be configured correctly.
I am unable to login to the machine. Here is an extract from /var/log/secure:
Jun 28 12:12:01 pc45 sshd[2263]: Invalid user djscott from 192.168.1.35
Jun 28 12:12:01 pc45 sshd[2264]: input_userauth_request: invalid user djscott
Jun 28 12:12:07 pc45 sshd[2263]: pam_unix(sshd:auth): check pass; user unknown
Jun 28 12:12:07 pc45 sshd[2263]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pc35.example.com
Jun 28 12:12:07 pc45 sshd[2263]: pam_succeed_if(sshd:auth): error
retrieving information about user djscott
Jun 28 12:12:09 pc45 sshd[2263]: Failed password for invalid user
djscott from 192.168.1.35 port 50502 ssh2
Here is the PAM configuration:
[root at pc45 ~]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be
executed in the user context
session required pam_selinux.so open env_params
#session optional pam_keyinit.so force revoke
session include password-auth
[root at pc45 ~]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
[root at pc45 ~]#
Does anyone have any suggestions for why this is not working?
Thanks,
Dan Scott
More information about the Freeipa-users
mailing list