[Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

[Jakub Hrozek]

On Tue, Apr 01, 2014 at 05:58:00PM +0000, Todd Maugh wrote:
> I am seeing this error in /var/log/secure
> 
> [root at black-64.qa ~]# tail /var/log/secure
> Apr  1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.194.1.250 user=tmaugh
> Apr  1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth): received for user tmaugh: 4 (System error)
> Apr  1 17:54:07 black-64 sshd[3649]: Failed password for tmaugh from 10.194.1.250 port 44697 ssh2
> Apr  1 17:54:12 black-64 sshd[3649]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.194.1.250 user=tmaugh
> Apr  1 17:54:12 black-64 sshd[3649]: pam_sss(sshd:auth): received for user tmaugh: 4 (System error)

"System Error" means something like "Unhandled exception" from pam_sss.
In general, this shouldn't happen, although System Error is not always
indicative of a bug in SSSD. We use System Error as the default return
code if no other condition matches, so sometimes we just fail to
translate the error code properly -- at one point, we used to return
System Error on clock skew for instance.

Could you attach or paste (to me directly if needed) the domain log file
and also the krb5_child.log ?

> Apr  1 17:54:14 black-64 sshd[3649]: Failed password for tmaugh from 10.194.1.250 port 44697 ssh2
> Apr  1 17:54:15 black-64 sshd[3650]: Connection closed by 10.194.1.250
> Apr  1 17:54:15 black-64 sshd[3649]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.194.1.250  user=tmaugh
> Apr  1 17:56:49 black-64 sshd[3713]: Accepted publickey for root from 10.194.1.250 port 38249 ssh2
> Apr  1 17:56:49 black-64 sshd[3713]: pam_unix(sshd:session): session opened for user root by (uid=0)