[Freeipa-users] Problems with FreeIPA-client configuration on OpenSUSE 12.2

Thu Dec 5 08:02:12 UTC 2013

Hello community, I have problems with FreeIPA-client configuration on 
OpenSUSE 12.2, and I think I can't fix it without your help. I have 
following errors in my /var/log/messages, when I try login in by freeipa 
account:

############################################################
Dec  2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from 
192.168.0.159
Dec  2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: invalid 
user admin [preauth]
Dec  2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
Dec  2 18:21:24 linux-l3wy sshd[12481]: Postponed keyboard-interactive 
for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=192.168.0.159 user=admin
Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received for 
user admin: 10 (User not known to the underlying authentication module)
Dec  2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known to 
the underlying authentication module for illegal user admin from 
192.168.0.159
Dec  2 18:21:41 linux-l3wy sshd[12481]: Failed keyboard-interactive/pam 
for invalid user admin from 192.168.0.159 port 38175 ssh2
Dec  2 18:21:41 linux-l3wy sshd[12481]: Postponed keyboard-interactive 
for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec  2 18:21:50 linux-l3wy sshd[12481]: Connection closed by 
192.168.0.159 [preauth]
############################################################

About client configuration:
My installed packages
sssd-ldap-1.11.2-110.6.x86_64
sssd-ipa-1.11.2-110.6.x86_64
sssd-1.11.2-110.6.x86_64
sssd-tools-1.11.2-110.6.x86_64
sssd-krb5-common-1.11.2-110.6.x86_64

*//etc/sss/**/d/sssd.conf:/*
############################################################
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client1.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa.example.com
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = example.com
debug_level=9
############################################################

/etc/krb5.conf:
############################################################
[libdefaults]
   default_realm = EXAMPLE.COM
   #dns_lookup_realm = false
   #dns_lookup_kdc = false
   dns_lookup_realm = true
   dns_lookup_kdc = true
   rdns = false
   ticket_lifetime = 24h
   forwardable = yes
   #allow_weak_crypto = true

[realms]
   example.COM = {
     pkinit_anchors = FILE:/etc/ipa/ca.crt
     #kdc = ipa.example.com:88
     #admin_server = ipa.example.com:749
     #default_domain = example.com
   }

[domain_realm]
   .example.com = example.COM
   example.com = example.COM

[logging]
   default = FILE:/var/log/krb5libs.log
   kdc = FILE:/var/log/krb5kdc.log
   admin_server = FILE:/var/log/kadmind.log
############################################################

P.S. Thank you for your time, and sorry for my English.

-- 
Sergey Prokhorov
System Engineer
e-mail:sprokhorov at intech-global.com  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131205/d8c42e29/attachment.htm>