[Freeipa-users] Not able to SSH with User Created in IPA Server

Yogesh Sharma yks0000 at gmail.com
Thu Mar 26 14:17:34 UTC 2015


I have also tried with the FQDN of the host as registered, but the error remains the same:

(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1312800004] gid [1312800004] validate [true]
enterprise principal [false] offline [false] UPN [test1@SD.INT]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_1312800004_XXXXXX] keytab:
[/etc/krb5.keytab]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/dns-inf-stg-sg1-01.sd.int@SD.INT]
(Thu Mar 26 19:43:02 2015) [[sssd[krb5_child[13730]]]] [get_and_save_tgt]
(0x0020): 981: [-1765328361][Password has expired]
(Thu Mar 26 19:43:06 2015) [[sssd[krb5_child[13730]]]] [map_krb5_error]
(0x0020): 1043: [-1765328360][Preauthentication failed]
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [child_sig_handler] (0x0100):
child [13730] finished successfully.
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [ipa_get_migration_flag_done]
(0x0100): Password migration is not enabled.
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
(0x0100): Backend returned: (0, 17, <NULL>) [Success]





Once I manually initialize the user ticket on the IPA server using kinit
username, I am able to log in with and without the FQDN.


[root@ldap-inf-stg-sg1-01 lib]# kinit test1
Password for test1@SD.INT:
Password expired.  You must change it now.
Enter new password:
Enter it again:
Password change rejected: Password is too short

Password not changed..  Please try again.

Enter new password:
Enter it again:


root@yogesh-ubuntu-pc:/home/yogesh# ssh test1@dns-inf-stg-sg1-01.sd.int
test1@dns-inf-stg-sg1-01.sd.int's password:
Last login: Thu Mar 26 19:45:36 2015 from 125.63.90.34
-sh-4.1$ logout
Connection to dns-inf-stg-sg1-01.sd.int closed.


root@yogesh-ubuntu-pc:/home/yogesh# ssh test1@52.74.84.94
test1@52.74.84.94's password:
Last login: Thu Mar 26 19:45:55 2015 from 125.63.90.34
-sh-4.1$





*Best Regards,__________________________________________*

*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in>*

RHCE, VCE-CIA, RackSpace Cloud U


On Thu, Mar 26, 2015 at 7:42 PM, Yogesh Sharma <yks0000 at gmail.com> wrote:

> Thanks, but when I try to use the admin user (default user created by IPA),
> I am able to log in. The issue is happening only with new users we are
> trying to create.
>
>
>
> ===
> TEST user Login Logs:
>
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [test@sd.int]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info]
> (0x0100): Got request for [4097][1][name=test]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
> (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [test@sd.int]
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [test] from [<ALL>]
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [test@sd.int]
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [test] from [<ALL>]
> (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [test@sd.int]
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
> entering pam_cmd_authenticate
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
> PAM_AUTHENTICATE
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
> not set
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user:
> test
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 125.63.90.34
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 1
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 13615
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info]
> (0x0100): Got request for [3][1][name=test]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
> (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
> (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> domain SID from [(null)]
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [test@sd.int]
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
> PAM_AUTHENTICATE
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
> sd.int
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user:
> test
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 125.63.90.34
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 1
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 13615
> (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
> Got request with the following data
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> command: PAM_AUTHENTICATE
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> domain: sd.int
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> user: test
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> service: sshd
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> tty: ssh
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> ruser:
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> rhost: 125.63.90.34
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> authtok type: 1
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> priv: 1
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> cli_pid: 13615
> (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [fo_resolve_service_send]
> (0x0100): Trying to resolve service 'IPA'
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1312800003] gid [1312800003] validate [true]
> enterprise principal [false] offline [false] UPN [test@SD.INT]
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer]
> (0x0100): ccname: [FILE:/tmp/krb5cc_1312800003_XXXXXX] keytab:
> [/etc/krb5.keytab]
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/dns-inf-stg-sg1-01.sd.int@SD.INT]
> (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging
> sd.int
> (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
> (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
> (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
> (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
> (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pam
> replied to ping
> (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service ssh
> replied to ping
> (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pac
> replied to ping
> (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service nss
> replied to ping
> (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service sd.int
> replied to ping
> (Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625]]]] [get_and_save_tgt]
> (0x0020): 981: [-1765328361][Password has expired]
> (Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625]]]] [map_krb5_error]
> (0x0020): 1043: [-1765328360][Preauthentication failed]
> (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [child_sig_handler]
> (0x0100): child [13625] finished successfully.
> (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]]
> [ipa_get_migration_flag_done] (0x0100): Password migration is not enabled.
> (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
> (0x0100): Backend returned: (0, 17, <NULL>) [Success]
> (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
> (0x0100): Sending result [17][sd.int]
> (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
> (0x0100): Sent result [17][sd.int]
> (Thu Mar 26 19:30:55 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100):
> received: [17][sd.int]
> (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging
> sd.int
> (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
> (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
> (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
> (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
> (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pam
> replied to ping
> (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service ssh
> replied to ping
> (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pac
> replied to ping
> (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service nss
> replied to ping
> (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service sd.int
> replied to ping
>
>
>
>
>
>
>
>
> ADMIN User Logs:
>
>
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [admin@sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
> PAM_OPEN_SESSION
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
> sd.int
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user:
> admin
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 125.63.90.34
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 13644
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
> Got request with the following data
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> command: PAM_OPEN_SESSION
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> domain: sd.int
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> user: admin
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> service: sshd
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> tty: ssh
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> ruser:
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> rhost: 125.63.90.34
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> authtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> priv: 1
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> cli_pid: 13644
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
> Sending result [0][sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100):
> received: [0][sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [admin] from [<ALL>]
> (Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_initgroups_search]
> (0x0100): Requesting info for [admin@sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_cmd_setcred] (0x0100):
> entering pam_cmd_setcred
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
> PAM_SETCRED
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
> not set
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user:
> admin
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 125.63.90.34
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 13648
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [admin@sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
> PAM_SETCRED
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
> sd.int
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user:
> admin
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 125.63.90.34
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 13648
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
> Got request with the following data
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> command: PAM_SETCRED
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> domain: sd.int
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> user: admin
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> service: sshd
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> tty: ssh
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> ruser:
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> rhost: 125.63.90.34
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> authtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> priv: 0
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100):
> cli_pid: 13648
> (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
> Sending result [0][sd.int]
> (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100):
> received: [0][sd.int]
> (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [admin] from [<ALL>]
> (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [admin@sd.int]
> (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100):
> Requesting info for [1312800000@sd.int]
> (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080):
> No matching domain found for [1312800000]
>
> ====
>
> On Thu, Mar 26, 2015 at 7:10 PM, Simo Sorce <simo at redhat.com> wrote:
>
>> On Thu, 2015-03-26 at 15:42 +0530, Yogesh Sharma wrote:
>> > Hi,
>> >
>> > We are getting an error while trying to SSH using users created in the IPA
>> > server.
>> >
>> > root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94
>>
>> You should use the machine's fully qualified name if you want to log in
>> using GSSAPI/Krb5; an IP address cannot be resolved to a proper key, as
>> keys are registered in the KDC as
>> host/machine.fully.qualified.name@REALM.
>>
>> It's the same thing as with HTTPS: the client needs to know the "name" of
>> the server in order to be able to properly communicate with it.
>>
>> Simo.
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
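
Added example (not part of the original post, and not FreeIPA or SSSD code): a small Python triage script for krb5_child debug logs like the ones in this message. It rejoins e-mail-wrapped records, strips ">" quote markers, and lists each child's Kerberos errors in order, converting SSSD's numeric codes to RFC 4120 error numbers; the function names are illustrative and the sample is an excerpt of the first log block above.

```python
import re
from collections import OrderedDict

# Excerpt of the first log block in this message, kept in its e-mail-wrapped
# form (one log record spread over two or three lines).
SAMPLE = """\
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Thu Mar 26 19:43:02 2015) [[sssd[krb5_child[13730]]]] [get_and_save_tgt]
(0x0020): 981: [-1765328361][Password has expired]
(Thu Mar 26 19:43:06 2015) [[sssd[krb5_child[13730]]]] [map_krb5_error]
(0x0020): 1043: [-1765328360][Preauthentication failed]
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
(0x0100): Backend returned: (0, 17, <NULL>) [Success]
"""

KRB5_BASE = -1765328384  # ERROR_TABLE_BASE_krb5 in MIT krb5
KDC_ERRORS = {23: "KDC_ERR_KEY_EXPIRED", 24: "KDC_ERR_PREAUTH_FAILED"}  # RFC 4120

# A record starts with "(Weekday ..."; "(0x0100): ..." lines are continuations.
START = re.compile(r"^\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) ")
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\) (?P<proc>\[+sssd.*?\]+) \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
KRB5_ERR = re.compile(r"\[(-\d+)\]\[([^\]]+)\]")


def records(text):
    """Rejoin wrapped lines into one string per log record."""
    out = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()  # drop reply quoting
        if not line:
            continue
        if START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out


def krb5_failures(text):
    """Map krb5_child pid -> ordered [(timestamp, code, rfc_name, text)]."""
    result = OrderedDict()
    for rec in records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        child = re.search(r"krb5_child\[(\d+)\]", m["proc"])
        if not child:
            continue  # only the Kerberos helper reports krb5 error codes
        for code, msg in KRB5_ERR.findall(m["msg"]):
            offset = int(code) - KRB5_BASE
            name = KDC_ERRORS.get(offset, "krb5 table offset %d" % offset)
            result.setdefault(int(child[1]), []).append(
                (m["ts"], int(code), name, msg))
    return result


if __name__ == "__main__":
    for pid, errors in krb5_failures(SAMPLE).items():
        for ts, code, name, msg in errors:
            print(pid, ts, code, name, msg)
```

Reading the errors per child in order shows "Password has expired" as the first failure for the new user, ahead of the later "Preauthentication failed".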