[Freeipa-users] Troubleshooting SSO

Gould, Joshua Joshua.Gould at osumc.edu
Mon Mar 30 14:09:00 UTC 2015


I configured the .k5login per the RH docs.

$ cat .k5login
adm-faru03 at TEST.OSUWMC
TEST.OSUWMC\adm-faru03
$


I upped the debugging to DEBUG3 but I can't make sense of the error. Can
you help? I'm getting better but I can't get this one yet.

Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: Connection from 10.80.5.239 port
50824 on 10.127.26.73 port 22
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: Client protocol version
2.0; client software version PuTTY_Release_0.64
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: no match:
PuTTY_Release_0.64
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: Enabling compatibility
mode for protocol 2.0
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: Local version string
SSH-2.0-OpenSSH_6.6.1
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: fd 3 setting O_NONBLOCK
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: ssh_sandbox_init:
preparing rlimit sandbox
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: Network child is on pid
12794
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: preauth child monitor
started
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: SELinux support enabled
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
ssh_selinux_change_context: setting context from
'system_u:system_r:sshd_t:s0-s0:c0.c1023' to
'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: privsep user:group 74:74
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: permanently_set_uid:
74/74 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: list_hostkey_types:
ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: SSH2_MSG_KEXINIT sent
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: SSH2_MSG_KEXINIT
received [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha
2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan
ge-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.c
om,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc
,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysato
r.liu.se [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.c
om,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc
,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysato
r.liu.se [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at op
enssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-
md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at open
ssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.c
om,hmac-sha1-96,hmac-md5-96 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,
umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at op
enssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-
md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at open
ssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.c
om,hmac-sha1-96,hmac-md5-96 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
none,zlib at openssh.com [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
none,zlib at openssh.com [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
first_kex_follows 0  [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
reserved 0  [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,dif
fie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-
sha1 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes
128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,a
rcfour128 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes
128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,a
rcfour128 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
none,zlib [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
none,zlib [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
first_kex_follows 0  [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_parse_kexinit:
reserved 0  [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: mac_setup: setup
hmac-sha2-256 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: kex: client->server
aes256-ctr hmac-sha2-256 none [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: mac_setup: setup
hmac-sha2-256 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: kex: server->client
aes256-ctr hmac-sha2-256 none [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: kex:
diffie-hellman-group-exchange-sha256 need=32 dh_need=32 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 120 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 121 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 120
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 121
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: kex:
diffie-hellman-group-exchange-sha256 need=32 dh_need=32 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 120 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 121 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 120
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 121
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 0 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_choose_dh: waiting
for MONITOR_ANS_MODULI [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 1 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 0
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_moduli: got
parameters: 1024 4096 8192
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 1
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 0 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_choose_dh: remaining
0 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: bits set: 2077/4096
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: bits set: 2021/4096
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_key_sign entering
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 6 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_key_sign: waiting for
MONITOR_ANS_SIGN [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 7 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 6
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_sign
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_sign:
signature 0x7f4788d8c440(271)
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 7
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 6 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: kex_derive_keys [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: set_newkeys: mode 1
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: SSH2_MSG_NEWKEYS sent
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: expecting
SSH2_MSG_NEWKEYS [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: set_newkeys: mode 0
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: SSH2_MSG_NEWKEYS
received [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: KEX done [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: userauth-request for
user adm-faru03 at test.osuwmc service ssh-connection method none [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: attempt 0 failures 0
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_getpwnamallow
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 8 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_getpwnamallow:
waiting for MONITOR_ANS_PWNAM [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 9 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 8
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_pwnamallow
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: Trying to reverse map
address 10.80.5.239.
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: parse_server_config:
config reprocess config len 899
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_pwnamallow:
sending MONITOR_ANS_PWNAM: 1
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 9
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 8 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: input_userauth_request:
setting up authctxt for adm-faru03 at test.osuwmc [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_start_pam entering
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 100 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_inform_authserv
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 4 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_inform_authrole
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 80 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: input_userauth_request:
try method none [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: userauth_finish: failure
partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password"
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 100
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: PAM: initializing for
"adm-faru03 at test.osuwmc"
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: PAM: setting PAM_RHOST
to "svr-addc-vt01.test.osuwmc"
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: PAM: setting PAM_TTY to
"ssh"
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 100 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: userauth-request for
user adm-faru03 at test.osuwmc service ssh-connection method gssapi-with-mic
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug1: attempt 1 failures 0
[preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: input_userauth_request:
try method gssapi-with-mic [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 42 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 43 [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 4
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_authserv:
service=ssh-connection, style=
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 4 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 80
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_answer_authrole: role=
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug2: monitor_read: 80 used
once, disabling now
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 42
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 43
Mar 30 09:57:20 mid-ipa-vp01 sshd[12793]: Postponed gssapi-with-mic for
adm-faru03 at test.osuwmc from 10.80.5.239 port 50824 ssh2 [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug1: userauth-request for
user adm-faru03 at test.osuwmc service ssh-connection method password
[preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug1: attempt 2 failures 0
[preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug2: input_userauth_request:
try method password [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: mm_auth_password
entering [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: mm_request_send
entering: type 12 [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: mm_auth_password:
waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3:
mm_request_receive_expect entering: type 13 [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering [preauth]
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: mm_request_receive
entering
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: monitor_read: checking
request 12
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: debug3: PAM: sshpam_passwd_conv
called with 1 messages
Mar 30 09:57:23 mid-ipa-vp01 sshd[12793]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=svr-addc-vt01.test.osuwmc  user=adm-faru03 at test.osuwmc
Mar 30 09:57:25 mid-ipa-vp01 sshd[12793]: pam_sss(sshd:auth):
authentication success; logname= uid=0 euid=0 tty=ssh ruser=
rhost=svr-addc-vt01.test.osuwmc user=adm-faru03 at test.osuwmc
Mar 30 09:57:25 mid-ipa-vp01 sshd[12793]: debug1: PAM: password
authentication accepted for adm-faru03 at test.osuwmc



On 3/30/15, 9:35 AM, "Sumit Bose" <sbose at redhat.com> wrote:

>Assuming you have a valid Kerberos ticket, the most probable reason is
>that libkrb5 cannot properly relate the Kerberos principal from the
>ticket to the local user name you use at the login prompt. With DEBUG3
>you should see some messages containing '*userok*'. If you see failures
>related to these messages, this is most probably the case.
>
>Recent versions of SSSD will configure a plugin for libkrb5 which can
>handle this. But for older versions you either have to create a .k5login
>file in the user's home directory containing the Kerberos principal or
>use auth_to_local directives in /etc/krb5.conf as described in
>https://urldefense.proofpoint.com/v2/url?u=http-3A__www.freeipa.org_page_A
>ctive-5FDirectory-5Ftrust-5Fsetup-23Edit-5F.2Fetc.2Fkrb5.conf&d=AwIDaQ&c=k
>9MF1d71ITtkuJx-PdWme51dKbmfPEvxwt8SFEkBfs4&r=C8H0y1Bn8C6Mf5i9qrqkUDy3xSk8z
>PbIs_SvJwojC24&m=4CkfthdUOBBXSFdkUzW4imHzEchORW-ZPDVNXQlaZ3A&s=a7-Ti-Mlcie
>m4dhsLicRf0Qg6sZDhThV-kMNED2rYug&e=
>
>HTH
>
>bye,
>Sumit
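
The check suggested in the quoted reply (look for `userok` records around the GSSAPI attempt), written as an added example that is not part of the original thread: it re-joins the wrapped syslog lines, lists the methods the client tried, and reports whether any `userok` record was logged before another method was accepted. The sample log is constructed, and the verdict names are this example's own labels, not sshd or SSSD output.

```python
import re

# Constructed sample in the shape of the sshd DEBUG3 output above, hard-wrapped
# the way the list archive wraps it. Host, user and address are placeholders.
SAMPLE = """\
Mar 30 09:57:20 host sshd[100]: debug1: userauth-request for
user alice@ad.example service ssh-connection method gssapi-with-mic
[preauth]
Mar 30 09:57:20 host sshd[100]: Postponed gssapi-with-mic for
alice@ad.example from 192.0.2.10 port 50824 ssh2 [preauth]
Mar 30 09:57:23 host sshd[100]: debug1: userauth-request for
user alice@ad.example service ssh-connection method password
[preauth]
Mar 30 09:57:25 host sshd[100]: debug1: PAM: password
authentication accepted for alice@ad.example
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: ")
METHOD = re.compile(r"userauth-request for user .+? service \S+ method (\S+)")
ACCEPTED = re.compile(r"PAM: (\S+) authentication accepted|Accepted (\S+) for ")

def join_records(text):
    """Re-join wrapped lines so each sshd record is one string."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Summarise which auth methods ran and whether a userok check was logged."""
    out = {"tried": [], "postponed": False, "userok": [], "accepted": None}
    for rec in join_records(text):
        if (m := METHOD.search(rec)) and m.group(1) != "none":
            out["tried"].append(m.group(1))
        if "Postponed gssapi-" in rec:
            out["postponed"] = True
        if "userok" in rec:          # the marker named in the reply
            out["userok"].append(rec)
        if m := ACCEPTED.search(rec):
            out["accepted"] = m.group(1) or m.group(2)
    gss_tried = any(t.startswith("gssapi") for t in out["tried"])
    if (out["accepted"] or "").startswith("gssapi"):
        out["verdict"] = "sso-ok"
    elif not gss_tried:
        out["verdict"] = "gssapi-not-attempted"
    elif out["userok"]:
        out["verdict"] = "inspect-userok"      # principal-to-user mapping, per the reply
    else:
        out["verdict"] = "gssapi-incomplete"   # no userok record was logged at all
    return out
```

On the constructed sample, `triage(SAMPLE)` reports a postponed GSSAPI attempt, no `userok` records, and a password login, which is the same shape as the log posted above.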





