[Freeipa-users] Admin password not accepted during replica install

Janelle janellenicole80 at gmail.com
Sat Aug 1 20:52:27 UTC 2015 

which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no AllowGroups in sshd, it has to 
be in one of those 2 places.

~J

On 8/1/15 1:26 PM, Matt . wrote:
> kinit admin works perfectly, that is such strange.
>
> 2015-08-01 22:15 GMT+02:00 Janelle <janellenicole80 at gmail.com>:
>> lastly -- on the master - do you get the same error if you "kinit admin"?
>> ~J
>>
>>
>> On 8/1/15 1:05 PM, Matt . wrote:
>>> This actually the most important part, and the GSS Failure concerns me:
>>>
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> debug2: key: /root/.ssh/id_rsa ((nil)),
>>> debug2: key: /root/.ssh/id_dsa ((nil)),
>>> debug2: key: /root/.ssh/id_ecdsa ((nil)),
>>> debug2: key: /root/.ssh/id_ed25519 ((nil)),
>>> debug1: Authentications that can continue:
>>> publickey,gssapi-keyex,gssapi-with-mic,password
>>> debug3: start over, passed a different list
>>> publickey,gssapi-keyex,gssapi-with-mic,password
>>> debug3: preferred
>>> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
>>> debug3: authmethod_lookup gssapi-keyex
>>> debug3: remaining preferred:
>>> gssapi-with-mic,publickey,keyboard-interactive,password
>>> debug3: authmethod_is_enabled gssapi-keyex
>>> debug1: Next authentication method: gssapi-keyex
>>> debug1: No valid Key exchange context
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup gssapi-with-mic
>>> debug3: remaining preferred: publickey,keyboard-interactive,password
>>> debug3: authmethod_is_enabled gssapi-with-mic
>>> debug1: Next authentication method: gssapi-with-mic
>>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>> No Kerberos credentials available
>>>
>>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>> No Kerberos credentials available
>>>
>>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>>
>>>
>>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>> No Kerberos credentials available
>>>
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup publickey
>>> debug3: remaining preferred: keyboard-interactive,password
>>> debug3: authmethod_is_enabled publickey
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /root/.ssh/id_rsa
>>> debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
>>> debug1: Trying private key: /root/.ssh/id_dsa
>>> debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
>>> debug1: Trying private key: /root/.ssh/id_ecdsa
>>> debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
>>> debug1: Trying private key: /root/.ssh/id_ed25519
>>> debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
>>> debug2: we did not send a packet, disable method
>>> debug3: authmethod_lookup password
>>> debug3: remaining preferred: ,password
>>> debug3: authmethod_is_enabled password
>>> debug1: Next authentication method: password
>>> admin at ipa-01.domain.local's password:
>>> debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>>> debug2: we sent a password packet, wait for reply
>>> debug1: Authentications that can continue:
>>> publickey,gssapi-keyex,gssapi-with-mic,password
>>> Permission denied, please try again.
>>>
>>> 2015-08-01 22:02 GMT+02:00 Janelle <janellenicole80 at gmail.com>:
>>>> What is in the logs on the machine that is failing? Can you login to
>>>> admin
>>>> from anywhere?  Logs are you best friend.
>>>> Also, a simply "ssh -vvv" will help.
>>>>
>>>> ~J
>>>>
>>>>
>>>> On 8/1/15 12:51 PM, Matt . wrote:
>>>>> Hi,
>>>>>
>>>>> This didn't fix it yet.
>>>>>
>>>>> I wonder if there are any checks I can do as in the very past I was
>>>>> able to do a simple replica without any issues.
>>>>>
>>>>> Matt
>>>>>
>>>>> 2015-08-01 21:34 GMT+02:00 Janelle <janellenicole80 at gmail.com>:
>>>>>> Double check you do not have "AllowGroups" set in your
>>>>>> /etc/ssh/sshd_config
>>>>>> file. If you do, add the "admins" group.
>>>>>>
>>>>>> Also, make sure on the master, that the /etc/nsswitch.conf was properly
>>>>>> updated. Several server installs I have done, have left off the "sss"
>>>>>> for
>>>>>> "passwd", "group" and "shadow".
>>>>>>
>>>>>> passwd:     files sss
>>>>>> shadow:     files sss
>>>>>> group:      files sss
>>>>>>
>>>>>> I bet one of those will fix your problem. Restart sssd and/of sshd if
>>>>>> you
>>>>>> have to make changes.
>>>>>>
>>>>>> ~Janelle
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 8/1/15 10:13 AM, Matt . wrote:
>>>>>>> Hi Guys,
>>>>>>>
>>>>>>> I'm doing a replica install there my admin password for the SSH check
>>>>>>> to the master is not accepted.
>>>>>>>
>>>>>>> The password is not expired, I can use it on the GUI and even changing
>>>>>>> it in the GUI doesn't fix this.
>>>>>>>
>>>>>>> What can I check ?
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Matt
>>>>>>>

More information about the Freeipa-users mailing list