[Freeipa-users] ipa-client password authentication failed

Sun Apr 24 11:31:36 UTC 2016

> On 22 Apr 2016, at 19:21, Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> wrote:
> 
> Hi Jakub
> 
> 
> the child only had that much info..
> 
> from the domain logs. it looks that it was able to resolve the master . However, the ldap results say found nothing.
> 
> I was earlier running an openldap client on this host and then migrated to IPA.
> 
> /etc/openldap/ldap.conf  was still pointing to the older ldap master..
> 
> #File modified by ipa-client-install
> 
> URI ldaps://older-ldap-master.com:636/
> BASE dc=xyz,dc=com
> TLS_CACERT /etc/ipa/ca.crt
> 
> TLS_CACERTDIR /etc/openldap/cacerts]
> 
> I corrected that to point to IPA and noticed that getent passwd now successfully lists all the users.
> However, the authentication does not work yet. ( ldapsearch -x though shows all the users ).
> 
> I re-tested it now...
> below is the domain log
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): start ldb transaction (nesting: 3)
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x118fab0
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x11925f0
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer event 0x118fab0 "ltdb_callback"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying timer event 0x11925f0 "ltdb_timeout"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer event 0x118fab0 "ltdb_callback"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3)
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 2)
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 1)
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_save_users] (0x4000): User 0 processed!
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_users_done] (0x4000): Saving 1 Users - Done
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x118fd20
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1182770
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer event 0x118fd20 "ltdb_callback"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying timer event 0x1182770 "ltdb_timeout"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer event 0x118fd20 "ltdb_callback"
> 
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))].
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_print_server] (0x2000): Searching 10.0.4.175
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))][cn=Default Trust View,cn=views,cn=accounts,dc=xyz,dc=com].
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 105
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30]
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30
> 

This log snippet is again completely unrelated to login. It just says there are no overrides applicable for this user. Please run:

date; ssh $user@$host; date;

and attach all logs between the two date outputs.