<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On 01/04/2014 06:13 PM, Genadi Postrilko wrote:
    <blockquote
cite="mid:CAPP+0vK4DmW9kZK7gvYMQqkrt2r82y2iNkW4U1QSyM+xGtWGUA@mail.gmail.com"
      type="cite">
      <div dir="rtl">
        <div dir="ltr">Output from /var/log/secure:<br>
          <br>
          Jan  4 15:03:02 ipaserver sshd[5958]: Invalid user <a
            moz-do-not-send="true" href="mailto:Administrator@ADDC.COM">Administrator@ADDC.COM</a>
          from 192.168.227.1<br>
          Jan  4 15:03:02 ipaserver sshd[5959]: input_userauth_request:
          invalid user <a moz-do-not-send="true"
            href="mailto:Administrator@ADDC.COM">Administrator@ADDC.COM</a><br>
          Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth):
          check pass; user unknown<br>
          Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth):
          authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
          rhost=192.168.227.1<br>
          Jan  4 15:03:06 ipaserver sshd[5958]:
          pam_succeed_if(sshd:auth): error retrieving information about
          user <a moz-do-not-send="true"
            href="mailto:Administrator@ADDC.COM">Administrator@ADDC.COM</a><br>
          Jan  4 15:03:08 ipaserver sshd[5958]: Failed password for
          invalid user <a moz-do-not-send="true"
            href="mailto:Administrator@ADDC.COM">Administrator@ADDC.COM</a>
          from 192.168.227.1 port 53125 ssh2<br>
        </div>
      </div>
    </blockquote>
    <br>
    I do not see SSSD doing auth.<br>
    Is pam_sss configured for PAM for SSH?<br>
    See more details here:<br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys</a><br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf">http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf</a><br>
    <br>
    I do not see a simple HowTo to configure SSH to use SSSD for cases
    when ipa-client-install is not used. Maybe we should provide one.<br>
    The expectation is:<br>
    You install IPA, create a trust, join the client to IPA using
    ipa-client-install, and it configures everything you need.<br>
    The order of the last two steps can be reversed but the result should be
    the same.<br>
    <br>
    <blockquote
cite="mid:CAPP+0vK4DmW9kZK7gvYMQqkrt2r82y2iNkW4U1QSyM+xGtWGUA@mail.gmail.com"
      type="cite">
      <div dir="rtl">
        <div dir="ltr">
          <br>
        </div>
      </div>
      <div class="gmail_extra">
        <div dir="ltr"><br>
          <br>
          <div class="gmail_quote">2014/1/3 Genadi Postrilko <span
              dir="ltr"><<a moz-do-not-send="true"
                href="mailto:genadipost@gmail.com" target="_blank">genadipost@gmail.com</a>></span><br>
            <blockquote class="gmail_quote" style="margin:0
              .8ex;border-left:1px #ccc solid;border-right:1px #ccc
              solid;padding-left:1ex;padding-right:1ex">
              <div dir="rtl">
                <div dir="ltr">Here are the other logs as well
                  (ldap_child.log, sssd_pac.log, sssd_ssh.log).<br>
                  <br>
                  <a moz-do-not-send="true"
                    href="https://gist.github.com/anonymous/8242061"
                    target="_blank">https://gist.github.com/anonymous/8242061</a><br>
                  <br>
                </div>
                <div dir="ltr">I attempted to log in (as <a
                    moz-do-not-send="true"
                    href="mailto:Administrator@ADDC.COM" target="_blank">Administrator@ADDC.COM</a>)
                  at 9:04.<br>
                  <br>
                </div>
                <div dir="ltr">Thanks for the help.<br>
                </div>
              </div>
            </blockquote>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


</pre>
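An added example, not part of the original message and not FreeIPA or SSSD code: a Python check that lists which PAM modules logged during the quoted sshd attempt and which modules a PAM stack configures for sshd, so the absence of pam_sss shows up in both places. The log lines are copied from the excerpt quoted above; the PAM file contents and the sshd-includes-password-auth layout are constructed assumptions.

```python
import re

# Copied from the /var/log/secure excerpt quoted in this message.
SAMPLE_LOG = [
    "Jan  4 15:03:02 ipaserver sshd[5958]: Invalid user Administrator@ADDC.COM from 192.168.227.1",
    "Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; user unknown",
    "Jan  4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error retrieving information about user Administrator@ADDC.COM",
    "Jan  4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user Administrator@ADDC.COM from 192.168.227.1 port 53125 ssh2",
]
# Constructed PAM files; the sshd -> password-auth include is an assumption.
SAMPLE_PAM = {
    "sshd": "auth include password-auth\naccount required pam_nologin.so\n",
    "password-auth": "auth required pam_env.so\n"
                     "auth sufficient pam_unix.so nullok try_first_pass\n"
                     "auth requisite pam_succeed_if.so uid >= 500 quiet\n"
                     "auth required pam_deny.so\n",
}

PAM_LOG = re.compile(r"sshd\[\d+\]: (pam_\w+)\(sshd:(\w+)\)")
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from ")
PAM_LINE = re.compile(r"^\s*-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def modules_in_log(lines, phase="auth"):
    """PAM modules that wrote a log entry for sshd in the given phase."""
    hits = (PAM_LOG.search(line) for line in lines)
    return {m.group(1) for m in hits if m and m.group(2) == phase}

def invalid_users(lines):
    """Names sshd logged as 'Invalid user' (account lookup found nothing)."""
    return {m.group(1) for m in map(INVALID.search, lines) if m}

def modules_in_stack(files, name, phase="auth", seen=None):
    """Modules configured for a phase, following include/substack lines."""
    seen = set() if seen is None else seen
    if name in seen or name not in files:
        return []
    seen.add(name)
    found = []
    for raw in files[name].splitlines():
        m = PAM_LINE.match(raw)
        if not m or m.group(1) != phase:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            found += modules_in_stack(files, target, phase, seen)
        else:
            found.append(target.rsplit("/", 1)[-1].replace(".so", ""))
    return found
```

On a real host, build the `files` dictionary from the contents of the files under /etc/pam.d, keyed by file name.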
  </body>
</html>