[Freeipa-users] Problems with FreeIPA-client configuration on OpenSUSE 12.2

Jakub Hrozek jhrozek at redhat.com
Fri Dec 6 08:03:49 UTC 2013 

On Thu, Dec 05, 2013 at 09:49:11AM +0100, Jakub Hrozek wrote:
> On Thu, Dec 05, 2013 at 12:02:12PM +0400, Прохоров Сергей wrote:
> > 
> > Hello community, I have problems with FreeIPA-client configuration
> > on OpenSUSE 12.2, and I think I can't fix it without your help. I
> > have following errors in my /var/log/messages, when I try login in
> > by freeipa account:
> > 
> > ############################################################
> > Dec  2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from
> > 192.168.0.159
> > Dec  2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request:
> > invalid user admin [preauth]
> > Dec  2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
> > Dec  2 18:21:24 linux-l3wy sshd[12481]: Postponed
> > keyboard-interactive for invalid user admin from 192.168.0.159 port
> > 38175 ssh2 [preauth]
> > Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth):
> > authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> > rhost=192.168.0.159 user=admin
> > Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received
> > for user admin: 10 (User not known to the underlying authentication
> > module)
> > Dec  2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known
> > to the underlying authentication module for illegal user admin from
> > 192.168.0.159
> > Dec  2 18:21:41 linux-l3wy sshd[12481]: Failed
> > keyboard-interactive/pam for invalid user admin from 192.168.0.159
> > port 38175 ssh2
> > Dec  2 18:21:41 linux-l3wy sshd[12481]: Postponed
> > keyboard-interactive for invalid user admin from 192.168.0.159 port
> > 38175 ssh2 [preauth]
> > Dec  2 18:21:50 linux-l3wy sshd[12481]: Connection closed by
> > 192.168.0.159 [preauth]
> > ############################################################
> 
> Hi Sergey,
> 
> are you able to run "getent passwd admin" from the command line? SSH is
> complaining that admin is not a known account.
> 
> I suspect that for whatevet reason the sssd is unable to connect to the
> IPA servers. getent passwd admin or id admin don't return anything, you
> should put debug_level=6 into the [domain] section, restart sssd and
> then check out /var/log/sssd/sssd_example.com log.

btw Sergey sent me the SSSD logs directly and it seems he was missing
cyrus-sasl-gssapi, which sounds like SUSE packaging bug.

More information about the Freeipa-users mailing list