[Freeipa-users] Password-based authentication with AD users does not work
Ronald Wimmer
ronaldw at ronzo.at
Thu Apr 6 10:10:29 UTC 2017
Hi,

when I try to log in to an IPA client with my AD user, it works perfectly
when I already have a Kerberos ticket for my user. When I do not and I
try a password-based login, it fails:

Password-based:
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [myuser at xyz.mydomain.at@xyz.mydomain.at]
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is myuser at xyz.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
Sending request with the following data:
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_PREAUTH
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: XYZ
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
myuser at xyz.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sshd
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
chupacabra.ipa.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 31816
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: myuser
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f4c122ed450
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f4c122ed450
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
conn: 0x7f4c122e59c0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [4 (System error)][XYZ]
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [4]: System error.
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 20
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f4c122f4640][21]

When I have a Kerberos ticket:
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [myuser at xyz.mydomain.at@xyz.mydomain.at]
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is myuser at xyz.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
Sending request with the following data:
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_OPEN_SESSION
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
domain: XYZ
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
myuser at xyz.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
service: sshd
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
chupacabra.ipa.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
authtok type: 0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
cli_pid: 31841
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: myuser
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f4c122ec4a0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f4c122ec4a0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
conn: 0x7f4c122e59c0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [0 (Success)][XYZ]
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [0]: Success.
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 20
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f4c122f4640][21]

My question is why?

Regards,
Ronald
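
The two excerpts above are easier to compare once each mail-wrapped record is rejoined and each PAM request is paired with the reply the backend returned. The following is an added example, not part of the original post and not SSSD code; the sample log is constructed, and the names unwrap and summarize are hypothetical.

```python
import re

# Constructed sample in the sssd_pam.log layout shown in the post, with
# mail-wrapped continuation lines; user and domain are placeholders.
SAMPLE = """\
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_PREAUTH
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
user1@ad.example.test
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [4 (System error)][AD]
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100):
command: SSS_PAM_OPEN_SESSION
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
user1@ad.example.test
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [0 (Success)][AD]
"""

HEAD = re.compile(r"^\(([^)]+)\) \[sssd\[pam\]\] \[(\w+)\] \(0x[0-9a-f]+\):\s*(.*)$")
REPLY = re.compile(r"received: \[(\d+) \(([^)]+)\)\]\[([^\]]*)\]")

def unwrap(text):
    """Rejoin wrapped continuation lines onto their log record."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append(list(m.groups()))  # [timestamp, function, message]
        elif records and line.strip():
            records[-1][2] = (records[-1][2] + " " + line.strip()).strip()
    return records

def summarize(text):
    """Pair each request's pam_print_data fields with the backend reply."""
    out, cur = [], {}
    for ts, fn, msg in unwrap(text):
        if fn == "pam_print_data" and ":" in msg:
            key, _, val = msg.partition(":")
            cur[key.strip()] = val.strip()
        elif fn == "pam_dp_process_reply" and (r := REPLY.search(msg)):
            out.append({"time": ts, "command": cur.get("command"),
                        "user": cur.get("user"), "code": int(r[1]),
                        "status": r[2], "domain": r[3]})
            cur = {}  # the next pam_print_data run belongs to a new request
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE): print(row)
```

Each output row shows which PAM command a reply belongs to, so a non-zero code can be tied to the specific step (for example SSS_PAM_PREAUTH versus SSS_PAM_OPEN_SESSION) before looking at the domain backend log for that timestamp.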