[Freeipa-users] Authentication failure when a reset the password

Joe Linoff jlinoff at tabula.com
Sat Jun 30 01:11:14 UTC 2012


Hi Everybody.

 

I ran into a strange problem today: I reset a user password in the GUI
to "Test1234" for testing but when I tried to login as that user and
enter the password, I got an authentication error. Does anyone know why
this might be occurring or how I can debug it?

 

Here are some additional details: 

*        OS: CentOS 6.2

*        FreeIPA: 2.1.3

 

Here are the steps I went through:

1.      I log into the server as "A".

2.      I run "kinit admin

3.      I add a user "B" with password: "F00bar5pam!"

4.      I  verify that the user exists https://localhost

5.      I reset the password in the web interface to "Test1234" (yeah, I
know, completely lame)

6.      The GUI tells me that it reset.

7.      I then try "ssh B at some-host" using the "Test1234" and get
permission denied. That is odd, it may indicate an HBAC error.

8.      So I try "su - B" with password "Test1234" and get "su:
incorrect password"

9.      Now I am stumped so I look /var/log/secure and see these
entries:
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): authentication failure;
logname=A uid=500 euid=0 tty=pts/1 ruser=A rhost= user=B
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): received for B: 4
(System error)

10.   I didn't see anything strange in
/var/log/dirsrv/slapd-EXAMPLE-COM/access

11.   I didn't see anything strange in
/var/log/dirsrc/slapd-PKI-API/access

12.   I didn't see any SELinux errors in /var/log/audit/audit.log

13.   I didn't see anything suspicious in /var/log/krb5kdc.log

14.   In /var/log/pki-ca/debug there was some stuff about no sessions
have been created but I am not sure whether that has anything to do with
this

 

What is system error 4 (step #9)? Is that the source of the problem?

 

Any help would be greatly appreciated.

 

Thanks,

 

Joe

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120629/7b9873f9/attachment.htm>


More information about the Freeipa-users mailing list