[Freeipa-users] freeipa permission denied for user
Rakesh Rajasekharan
rakesh.rajasekharan at gmail.com
Thu Feb 18 13:11:23 UTC 2016
I set up freeipa on our environment and its works perfectly for most of the
hosts.. but on few I am getting a permission denied.
[root at ipa-client-1c :~] ssh tempuser at localhost
tempuser at localhost's password:
Permission denied, please try again.
tempuser at localhost's password:
I checked the hbac, but that seems to be fine
root at ipa-master-test-1b ] ipa hbactest --user=tempuser --host=x.x.x.x
--service=sshd
--------------------
Access granted: True
--------------------
Matched rules: allow_all
Another thing I noticed is the nsswitch.conf had the below entries after
the freeipa installation
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sudoers: files sss
The ldap shouldn't be there above I guess..
and from the logs, i have the below errors
==> /var/log/secure <==
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): received for
user tempuser: 4 (System error)
Feb 18 03:29:35 ip-x-x-x-x sshd[24851]: Failed password for tempuser from
x.x.x.x port 36687 ssh2
Feb 18 03:29:39 ip-x-x-x-x sshd[24853]: Connection closed by x.x.x.x
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=tempuser
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=tempuser
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_sss(sshd:auth): received for
user tempuser: 4 (System error)
Feb 18 03:34:19 ip-x-x-x-x sshd[25108]: Failed password for tempuser from
127.0.0.1 port 59870 ssh2
==> /var/log/messages <==
Feb 18 03:37:45 ip-x-x-x-x sssd[be[xyz.com]]: Shutting down
Feb 18 03:37:45 ip-x-x-x-x sssd: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[nss]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[sudo]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[pam]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[pac]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[ssh]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: dereference processing failed
: Input/output error
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: dereference processing failed
: Input/output error
Feb 18 03:38:41 ip-x-x-x-x [sssd[krb5_child[25324]]]: Permission denied
Feb 18 03:38:41 ip-x-x-x-x [sssd[krb5_child[25324]]]: Permission denied
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160218/4e0d3782/attachment.htm>
More information about the Freeipa-users
mailing list