[Freeipa-users] Cannot login via SSH with AD user TO IPA Domain.

Genadi Postrilko genadipost at gmail.com
Sun Jan 5 20:58:49 UTC 2014


What is content of the log when SSSD is doing auth?

When I log in with IPA domain client, the output of the log is (anything
non-standard?):

Jan  5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1  user=
ron at EXAMPLE.COM
Jan  5 12:08:37 ipaserver sshd[24434]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user=
ron at EXAMPLE.COM
Jan  5 12:08:37 ipaserver sshd[24434]: Accepted password for
ron at EXAMPLE.COM from 192.168.227.1 port 57144 ssh2
Jan  5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:session): session
opened for user ron at EXAMPLE.COM by (uid=0)

Here is the /etc/pam.d/system-auth file:
https://gist.github.com/anonymous/8273507
It does contain the pam_sss.so module.

When I created the environment, first I installed the IPA server, then
joined the IPA clients and finally created the trust.

2014/1/5 Dmitri Pal <dpal at redhat.com>

>  On 01/04/2014 06:13 PM, Genadi Postrilko wrote:
>
>  Output from /var/log/secure:
>
> Jan  4 15:03:02 ipaserver sshd[5958]: Invalid user Administrator at ADDC.COM from 192.168.227.1
> Jan  4 15:03:02 ipaserver sshd[5959]: input_userauth_request: invalid user
> Administrator at ADDC.COM
> Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass;
> user unknown
> Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1
> Jan  4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error
> retrieving information about user Administrator at ADDC.COM
> Jan  4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user
> Administrator at ADDC.COM from 192.168.227.1 port 53125 ssh2
>
>
> I do not see SSSD doing auth.
> Is pam_sss configured for PAM for SSH?
> See more details here:
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys
> http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf
>
> I do not see a simple HowTo to configure SSH to use SSSD for cases when
> ipa-client-install is not used. Maybe we should provide one.
> The expectation is:
> You install IPA, create trust, join client to IPA using ipa-client-install
> and it configures everything you need.
> The order of last two steps can be reversed but the result should be the
> same.
>
>
>
>
> 2014/1/3 Genadi Postrilko <genadipost at gmail.com>
>
>>  Here are the other logs as well (ldap_child.log, sssd_pac.log,
>> sssd_ssh.log).
>>
>> https://gist.github.com/anonymous/8242061
>>
>>  I attempted to log in (as Administrator at ADDC.COM) at 9:04.
>>
>>  Thanks for the help.
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
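The check made by eye in this thread (does any pam_sss entry appear in the auth phase of a given sshd login attempt?) can be scripted. The following is an added example, not code from the thread or from the FreeIPA/SSSD projects; the sample lines are rebuilt from the two /var/log/secure excerpts above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's two excerpts with wrapped lines joined and
# the archive's " at " written back as "@".
SAMPLE = """\
Jan  4 15:03:02 ipaserver sshd[5958]: Invalid user Administrator@ADDC.COM from 192.168.227.1
Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; user unknown
Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1
Jan  4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error retrieving information about user Administrator@ADDC.COM
Jan  4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user Administrator@ADDC.COM from 192.168.227.1 port 53125 ssh2
Jan  5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1  user=ron@EXAMPLE.COM
Jan  5 12:08:37 ipaserver sshd[24434]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user=ron@EXAMPLE.COM
Jan  5 12:08:37 ipaserver sshd[24434]: Accepted password for ron@EXAMPLE.COM from 192.168.227.1 port 57144 ssh2
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)$")
PAM_AUTH = re.compile(r"(pam_\w+)\(sshd:auth\): (.*)$")
RESULT = re.compile(r"(Accepted|Failed) password for (invalid user )?(\S+) from")

def summarize(log_text):
    """Group sshd lines by PID; record the PAM modules that logged in the auth phase."""
    sessions = defaultdict(lambda: {"user": None, "result": None,
                                    "unknown_user": False, "auth_modules": []})
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        s, msg = sessions[int(m.group(1))], m.group(2)
        pam, res = PAM_AUTH.match(msg), RESULT.match(msg)
        if pam and pam.group(1) not in s["auth_modules"]:
            s["auth_modules"].append(pam.group(1))
        elif msg.startswith("Invalid user "):
            s["unknown_user"] = True  # sshd could not resolve the name to an account
        elif res:
            s["result"], s["user"] = res.group(1).lower(), res.group(3)
            s["unknown_user"] |= bool(res.group(2))
    return dict(sessions)

def sssd_seen(session):
    return "pam_sss" in session["auth_modules"]

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s["user"], s["result"], s["auth_modules"],
              "pam_sss seen" if sssd_seen(s) else "no pam_sss entry in auth phase")
```
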