[Freeipa-users] Authentication failure when a reset the password
Joe Linoff
jlinoff at tabula.com
Sat Jun 30 01:11:14 UTC 2012
Hi Everybody.
I ran into a strange problem today: I reset a user password in the GUI
to "Test1234" for testing but when I tried to login as that user and
enter the password, I got an authentication error. Does anyone know why
this might be occurring or how I can debug it?
Here are some additional details:
* OS: CentOS 6.2
* FreeIPA: 2.1.3
Here are the steps I went through:
1. I log into the server as "A".
2. I run "kinit admin
3. I add a user "B" with password: "F00bar5pam!"
4. I verify that the user exists https://localhost
5. I reset the password in the web interface to "Test1234" (yeah, I
know, completely lame)
6. The GUI tells me that it reset.
7. I then try "ssh B at some-host" using the "Test1234" and get
permission denied. That is odd, it may indicate an HBAC error.
8. So I try "su - B" with password "Test1234" and get "su:
incorrect password"
9. Now I am stumped so I look /var/log/secure and see these
entries:
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): authentication failure;
logname=A uid=500 euid=0 tty=pts/1 ruser=A rhost= user=B
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): received for B: 4
(System error)
10. I didn't see anything strange in
/var/log/dirsrv/slapd-EXAMPLE-COM/access
11. I didn't see anything strange in
/var/log/dirsrc/slapd-PKI-API/access
12. I didn't see any SELinux errors in /var/log/audit/audit.log
13. I didn't see anything suspicious in /var/log/krb5kdc.log
14. In /var/log/pki-ca/debug there was some stuff about no sessions
have been created but I am not sure whether that has anything to do with
this
What is system error 4 (step #9)? Is that the source of the problem?
Any help would be greatly appreciated.
Thanks,
Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120629/7b9873f9/attachment.htm>
More information about the Freeipa-users
mailing list