[Freeipa-users] sshd[22490]: Failed password for invalid user

Sumit Bose sbose at redhat.com
Mon Jan 9 14:40:45 UTC 2017


On Mon, Jan 09, 2017 at 11:21:00AM +0100, rajat gupta wrote:
> Hi,
> 
> The error message has changed today, but it is the same: some are able to log in but most of
> the users are not. Please find below the logs from the ipa2 server.
> 
> /var/log/secure
> 
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=x.x.x.x.x user=et33015
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth): received for
> user et33015: 6 (Permission denied)
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18940]: error: PAM: Authentication
> failure for et33015 from x.x.x.x.x
> 
> =================================
> 
...
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Preauth #1074]: Request handler finished [0]:
> Success
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Preauth #1074]: Receiving request data.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #1074]: Request
> removed.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Preauth #1074]: Sending result [4][
> corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18952].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [18952] finished successfully.

Can you add the messages that follow here as well and the related
messages from krb5_child.log?

bye,
Sumit

> 
> 
> 
> On Mon, Jan 9, 2017 at 9:48 AM, rajat gupta <rajat.linux at gmail.com> wrote:
> 
> > Few users are able to log in. IPA AD-trust setup.
> >
> > ==========================
> > Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> > getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> > POSSIBLE BREAK-IN ATTEMPT!
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
> > x.x.x.x
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> > user et33015 [preauth]
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> > the underlying authentication module for illegal user et33015 from x.x.x.x
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> > for invalid user et33015 from x.x.x.x port 51270 ssh2
> > Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> > [preauth]
> > ============================
> >
> > ====================
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [get_server_status] (0x1000): Status of server
> > 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> > (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> > is 'not working'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> > Input/output error
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> > [Input/output error])
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> > (0x2000): Going offline!
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> > (0x2000): Initialize check_if_online_ptask.
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> > (0x0400): Periodic task [Check if online (periodic)] was created
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> > task 72 seconds from now [1483696200]
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_run_offline_cb] (0x0080): Going offline. Running callbacks
> >
> > =================
> >
> > cat /etc/sssd/sssd.conf
> > [domain/ipa.preprod.local]
> >
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = ipa.preprod.local
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> > chpass_provider = ipa
> > ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> > ldap_tls_cacert = /etc/ipa/ca.crt
> > debug_level = 9
> >
> >
> > [sssd]
> > default_domain_suffix = corp.corpcommon.com
> > services = nss, sudo, pam, ssh
> > debug_level = 9
> >
> >
> > domains = ipa.preprod.local
> > [nss]
> > override_homedir = /home/%u
> > debug_level = 9
> >
> >
> >
> > [pam]
> > debug_level = 9
> >
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> > debug_level = 9
> >
> >
> > [pac]
> >
> > [ifp]
> > ===============
> >
> > I am able to getent and kinit for all of the AD users, but most of the
> > users are not able to log in via ssh /ad-password
> >
> > getent passwd  et33015
> > et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
> >
> > and
> >
> > kinit et33015 at CORP.CORPCOMMON.COM
> >
> >
> >
> 
> 
> -- 
> 
> *Rajat Gupta *
