[Freeipa-users] Cannot login after patching on LXC Container

Alexander Bokovoy abokovoy at redhat.com
Tue Feb 14 15:22:40 UTC 2017 

On ti, 14 helmi 2017, Nuno Higgs wrote:
>Hello Lucas,
>
>No, the account is neither locked nor expired. That's the weird part.
>On other Centos7 / RHEL7 I can login without any issues.
>
>
>[root at ipa2 ~]# ipa user-status nuno
>-----------------------
>Account disabled: False
>-----------------------
>  Server: ipa1
>  Failed logins: 0
>  Last successful authentication: 20170214150453Z
>  Last failed authentication: 20170213170252Z
>  Time now: 2017-02-14T15:06:21Z
>
>  Server: ipa2
>  Failed logins: 0
>  Last successful authentication: 20170214150047Z
>  Last failed authentication: 20170214124638Z
>  Time now: 2017-02-14T15:06:23Z
>----------------------------
>Number of entries returned 2
>----------------------------
>
>I've also enabled the sssd. There is no evidence of where the problem is:
>
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): user: nuno at domain.com
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 172.16.0.10
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: nuno
>(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 68
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'nuno' matched without domain, user is nuno
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): user: nuno
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 172.16.0.10
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: nuno
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [nuno at domain.com]
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [nuno at domain.com@domain.com]
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is nuno at domain.com
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): user: nuno at domain.com
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 172.16.0.10
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: nuno
>(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Tue Feb 14 15:11:56 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][domain.com]
>(Tue Feb 14 15:11:56 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error.
Domain log will have details on what has happened at account PAM stage.
Please provide that log, correlated by time with pam log
(15:11:55-15:11:56).

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list