[Freeipa-users] Very Odd Fedora 21 Auth Issue (Server: IPA 4.1.0)

craig.redhat at shakenautomotive.com.au craig.redhat at shakenautomotive.com.au
Tue Jun 23 07:24:32 UTC 2015


Hi, 
This is one odd issue?!

Red Hat Enterprise Linux 7.1

#Server Side
Red Hat Enterprise Linux Server release 7.1 (Maipo)
ipa-server-4.1.0-18.el7_1.3.x86_64

#Client side
Fedora release 21 (Twenty One)
* freeipa-client-4.1.4-1.fc21.x86_64
* sssd-client-1.12.4-3.fc21.x86_64


Issue:
User cannot log in to their PC

Error: /var/log/secure
Jun 23 17:08:48 johnpc sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=john
Jun 23 17:08:48 johnpc sshd[3591]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=john
Jun 23 17:08:48 johnpc sshd[3591]: pam_sss(sshd:auth): received for user john: 7 (Authentication failure)

However:
1. Kerberos works;
kinit john
john@johnpc /etc/pam.d> klist
Ticket cache: KEYRING:persistent:365:365
Default principal: john@EXAMPLE.EXAMPLEAUS.COM.AU

Valid starting     Expires            Service principal
23/06/15 16:49:30  24/06/15 16:49:28  krbtgt/EXAMPLE.EXAMPLEAUS.COM.AU@EXAMPLE.EXAMPLEAUS.COM.AU

2. LDAP works;
john@johnpc ~> getent passwd john
john:x:365:132::/home/john:/bin/bash

3. ssh to IPA server works with a password (so not relying on the Kerberos
ticket);
john@erio ~> ssh john@sysvm-ipa1
john@sysvm-ipa1's password:
Last login: Tue Jun 23 16:50:02 2015 from johnpc.example.exampleaus.com.au


Any advice would be greatly appreciated.

Regards,

Craig



