[Freeipa-users] IPA weirdness with Samba, Dovecot IMAP and SSHD
Qing Chang
qchang at sri.utoronto.ca
Fri Nov 16 15:59:18 UTC 2012
just migrated all my user from OpenLDAP and MIT Kerberos to IPA.
Out of more than 400 users, there are around 10 that have problem
accessing Samba or Dovecot IMAP or ssh.
They never have problem login to ipa/ipa/ui/login.html.
For Dovecot IMAP following error is generated:
=====
Nov 16 10:15:03 dovecot2 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0
tty=dovecot ruser=uesrid rhost=IP user=userid
Nov 16 10:15:03 dovecot2 auth: pam_sss(dovecot:auth): authentication failure; logname= uid=0 euid=0
tty=dovecot ruser=userid rhost=IP user=useris
Nov 16 10:15:03 dovecot2 auth: pam_sss(dovecot:auth): received for user userid: 4 (System error)
=====
For Samba, it appears that a mapping request never gets to Samba server because
nothing is logged for a problematic user ID although I have turned on excessive logging.
What is really frustrating is that there is no pattern to be found, even my fellow
Sysadmin's ID is also in trouble.
Also, in his case, he has no problem with Dovecot. For another user ID Samba works
but not Dovecot. It looks to me there might be some problem with sssd on the
different servers?
BTW, for at least one user, creating a brand new account for samba did not work either,
while the trick worked for another user:-(.
Please shed some light on this. I don't mind opening a case with RedHat support
if necessary.
Red Hat Enterprise Linux Server release 6.3 (Santiago)
ipa-server.x86_64 2.2.0-16.el6 @rhel-x86_64-server-6
sssd.x86_64 1.8.0-32.el6 @rhel-x86_64-server-6
sssd-client.x86_64 1.8.0-32.el6 @rhel-x86_64-server-6
TIA,
Qing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121116/270fd7c1/attachment.htm>
More information about the Freeipa-users
mailing list