[Freeipa-users] Cannot login via SSH with AD user TO IPA Domain.

Genadi Postrilko genadipost at gmail.com
Thu Jan 2 22:33:16 UTC 2014


Here are the sssd.log, sssd_nss.log. Other logs were empty or did not
contain the output for the relevant login.

https://gist.github.com/anonymous/8228284


2014/1/2 Dmitri Pal <dpal at redhat.com>

>  On 01/02/2014 04:45 PM, Genadi Postrilko wrote:
>
>  It's a newly installed IPA Server, haven't added any Rules.
>
>  The relevant output from /var/log/secure :
>
> Jan  2 13:36:24 ipaserver sshd[4864]: Invalid user  from 192.168.227.100
> Jan  2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user
> Jan  2 13:36:26 ipaserver sshd[4865]: Connection closed by 192.168.227.100
> Jan  2 13:36:35 ipaserver sshd[4868]: Invalid user Administrator@ADDC.COM from 192.168.227.100
> Jan  2 13:36:35 ipaserver sshd[4869]: input_userauth_request: invalid user Administrator@ADDC.COM
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): check pass; user unknown
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.100
> Jan  2 13:36:44 ipaserver sshd[4868]: pam_succeed_if(sshd:auth): error retrieving information about user Administrator@ADDC.COM
> Jan  2 13:36:46 ipaserver sshd[4868]: Failed password for invalid user Administrator@ADDC.COM from 192.168.227.100 port 62484 ssh2
>
>
>
>  2014/1/2 Rob Crittenden <rcritten at redhat.com>
>
>> Genadi Postrilko wrote:
>>
>>>  Hi all.
>>>
>>> I have a running IPA Server (3.0.0-37) on RHEL 6.2.
>>> I'm trying to create Trust between IPA server and AD (In different DNS
>>> domains). I followed the Red Hat guide
>>>
>>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf
>>> .
>>>
>>> When I completed the needed steps to create the trust and retrieved a krb
>>> ticket from the AD server:
>>>
>>> [root@ipaserver ~]# kinit Administrator@ADDC.COM
>>> Password for Administrator@ADDC.COM:
>>>
>>> [root@ipaserver ~]# klist
>>> Ticket cache: FILE:/tmp/krb5cc_0
>>> Default principal: Administrator@ADDC.COM
>>>
>>> Valid starting     Expires            Service principal
>>> 01/02/14 12:20:30  01/02/14 22:20:34  krbtgt/ADDC.COM@ADDC.COM
>>>         renew until 01/03/14 12:20:30
>>>
>>> But when I try to connect to the IPA server via SSH (PuTTY) I get
>>> "Access denied" message:
>>>
>>> login as: Administrator@ADDC.COM
>>> Administrator@ADDC.COM@192.168.227.128's password:
>>>
>>> Access denied
>>>
>>> Any ideas on what I could have done wrong in the process of creating the
>>> trust?
>>>
>>
>> I'd check the sssd logs and /var/log/secure.
>>
>> Do you have any HBAC rules?
>>
>> rob
>>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> Looks like an error similar to what I see in the other thread.
> Unfortunately we might need to wait till Monday for Alexander, Sumit and
> Jakub to come back and provide help.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>