[Freeipa-users] Problem with AD authentication after updating to 7.2 OS server
Morgan Marodin
morgan at marodin.it
Fri Nov 27 16:35:42 UTC 2015
Hi Sumit.
I don't know why, but now kerberos ticket authentication is working on 6.7
clients.
On 7.2 clients now password authetications with Active Directory
credentials is working ... but not with kerberos ticket.
There are my 7.2 client SSSD logs:
---------------------------------------------------
==> /var/log/sssd/sssd_nss.log <==
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[2383].
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f56192197a0][21]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f56192197a0][21]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f56192197a0][21]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f56192197a0][21]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17] with input [morgan.marodin at mydomain.com].
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'morgan.marodin at mydomain.com' matched expression for domain '
mydomain.com', user is morgan.marodin
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [morgan.marodin] from [mydomain.com]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/mydomain.com/morgan.marodin]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [morgan.marodin at mydomain.com]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f5619210d40
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f5619217200
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7f5619210d40 "ltdb_callback"
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7f5619217200 "ltdb_timeout"
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7f5619210d40 "ltdb_callback"
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [morgan.marodin at mydomain.com]
(Fri Nov 27 17:12:51 2015) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f56192197a0][21]
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging
ipa.mydomain.com
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed51b10
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed3c400
==> /var/log/sssd/sssd_ipa.mydomain.com.log <==
(Fri Nov 27 17:12:52 2015) [sssd[be[ipa.mydomain.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7fc5b4628010
(Fri Nov 27 17:12:52 2015) [sssd[be[ipa.mydomain.com]]] [sbus_dispatch]
(0x4000): Dispatching.
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging sudo
==> /var/log/sssd/sssd_ipa.mydomain.com.log <==
(Fri Nov 27 17:12:52 2015) [sssd[be[ipa.mydomain.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Fri Nov 27 17:12:52 2015) [sssd[be[ipa.mydomain.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
==> /var/log/sssd/sssd_nss.log <==
(Fri Nov 27 17:12:52 2015) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
0x7f5619211cf0
(Fri Nov 27 17:12:52 2015) [sssd[nss]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd[nss]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed51d40
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed467b0
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
==> /var/log/sssd/sssd_ipa.mydomain.com.log <==
==> /var/log/sssd/sssd_nss.log <==
(Fri Nov 27 17:12:52 2015) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed3fd40
(Fri Nov 27 17:12:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
==> /var/log/sssd/sssd_nss.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_add_timeout] (0x2000):
0x7fad1ed50420
==> /var/log/sssd/sssd_nss.log <==
==> /var/log/sssd/sssd.log <==
==> /var/log/sssd/sssd_sudo.log <==
(Fri Nov 27 17:12:52 2015) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x7f7cafe397a0
(Fri Nov 27 17:12:52 2015) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed51b10
==> /var/log/sssd/sssd_sudo.log <==
(Fri Nov 27 17:12:52 2015) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
==> /var/log/sssd/sssd_pam.log <==
(Fri Nov 27 17:12:52 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7fc5eaa6c7a0
(Fri Nov 27 17:12:52 2015) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd[pam]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Fri Nov 27 17:12:52 2015) [sssd[pam]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed36500
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service
ipa.mydomain.com replied to ping
==> /var/log/sssd/sssd_pam.log <==
==> /var/log/sssd/sssd_sudo.log <==
==> /var/log/sssd/sssd_pam.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed3c400
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed45270
==> /var/log/sssd/sssd_ssh.log <==
(Fri Nov 27 17:12:52 2015) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn:
0x7f28ec7b97a0
(Fri Nov 27 17:12:52 2015) [sssd[ssh]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd[ssh]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Fri Nov 27 17:12:52 2015) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
==> /var/log/sssd/sssd_sudo.log <==
==> /var/log/sssd/sssd_pam.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service nss
replied to ping
==> /var/log/sssd/sssd_ssh.log <==
==> /var/log/sssd/sssd.log <==
==> /var/log/sssd/sssd_pac.log <==
(Fri Nov 27 17:12:52 2015) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn:
0x7f3abbf7f7a0
(Fri Nov 27 17:12:52 2015) [sssd[pac]] [sbus_dispatch] (0x4000):
Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd[pac]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Fri Nov 27 17:12:52 2015) [sssd[pac]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
==> /var/log/sssd/sssd_ssh.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed467b0
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed3ce20
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
==> /var/log/sssd/sssd_pac.log <==
==> /var/log/sssd/sssd_ssh.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service pam
replied to ping
==> /var/log/sssd/sssd_pac.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed51d40
==> /var/log/sssd/sssd_pac.log <==
==> /var/log/sssd/sssd.log <==
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed3b3b0
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service sudo
replied to ping
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed3fd40
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed407a0
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service ssh
replied to ping
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_remove_timeout] (0x2000):
0x7fad1ed50420
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): dbus conn:
0x7fad1ed4afb0
(Fri Nov 27 17:12:52 2015) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Nov 27 17:12:52 2015) [sssd] [ping_check] (0x0100): Service pac
replied to ping
---------------------------------------------------
Anything else to enable debug mode?
Please let le know, thanks.
Bye, Morgan
2015-11-27 16:44 GMT+01:00 Sumit Bose <sbose at redhat.com>:
> On Fri, Nov 27, 2015 at 04:31:49PM +0100, Morgan Marodin wrote:
> > Hi everyone.
> >
> > After updating my FreeIPA server to 7.2 OS version (it's a RHEL like
> > distribution) I've some problems authenticating with Active Directory
> > credentials.
> >
> > Testing it on 6.7 OS clients it works using Windows password, but using
> > ticket kerberos it doesn't work.
> >
> > Testing it on 7.2 client it doesn't work either with password and
> kerberos
> > tickets.
>
> Let's first start with password authentication. For this we need SSSD
> logs. Please see https://fedorahosted.org/sssd/wiki/Troubleshooting how
> to change the debug levels. The pam and domains logs would be useful. If
> you prefer you can send the logs to me directly.
>
> bye,
> Sumit
>
> >
> > What could be the problem?
> >
> > Please let me know, thanks.
> > Bye, Morgan
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151127/06e3d8d8/attachment.htm>
More information about the Freeipa-users
mailing list