After running fedora update, I am unable to log-in into the cocpit-ws and I am not sure what went wrong. I am using FreeIPA, (installed on the same machine). I am able to ssh to the box using ipa credentials or freeIPA dashboard without issue. But cocpit gives me "wrong username or password" Errors I'm getting in journal 'couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate'
Maybe someone had similar issue or some ideas where to start debugging it ? Log snippet when I am trying to log in: myserver.domain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=cockpit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' myserver.domain.com cockpit-ws[13295]: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert myserver.domain.com cockpit-ws[13295]: couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate myserver.domain.com cockpit-session[13298]: pam_sss(cockpit:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost=10.0.5.44 user=myuser myserver.domain.com audit[13298]: USER_AUTH pid=13298 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_succeed_if,pam_succeed_if,pam_sss acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=? res=success' myserver.domain.com audit[13298]: USER_ACCT pid=13298 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=? res=success' myserver.domain.com audit[13298]: CRED_ACQ pid=13298 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=? res=success' myserver.domain.com cockpit-session[13298]: pam_ssh_add: Identity added: /home/myuser/.ssh/id_rsa (myuser(a)myserver.domain.com) myserver.domain.com systemd-logind[1067]: New session 39 of user myuser. -- Subject: A new session 39 has been created for user myuser -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Documentation: https://www.freedesktop.org/wiki/Software/systemd/multiseat -- -- A new session with the ID 39 has been created for the user myuser. -- -- The leading process of the session is 13298. myserver.domain.com systemd[1]: Started Session 39 of user myuser. -- Subject: Unit session-39.scope has finished start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-39.scope has finished starting up. -- -- The start-up result is done. myserver.domain.com cockpit-session[13298]: pam_unix(cockpit:session): session opened for user myuser by (uid=0) myserver.domain.com audit[13298]: USER_START pid=13298 uid=0 auid=1907400001 ses=39 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_ssh_add,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_lastlog acct="myuser" exe="/usr/libexec/cockpit-sessi> myserver.domain.com audit[13298]: CRED_REFR pid=13298 uid=0 auid=1907400001 ses=39 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=? res=success' myserver.domain.com cockpit-ws[13295]: 3: Permission denied. myserver.domain.com audit[13298]: CRED_DISP pid=13298 uid=0 auid=1907400001 ses=39 msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=? res=success' myserver.domain.com cockpit-session[13298]: pam_unix(cockpit:session): session closed for user myuser myserver.domain.com audit[13298]: USER_END pid=13298 uid=0 auid=1907400001 ses=39 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_ssh_add,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_lastlog acct="myuser" exe="/usr/libexec/cockpit-sessio> myserver.domain.com systemd-logind[1067]: Session 39 logged out. Waiting for processes to exit. myserver.domain.com systemd-logind[1067]: Removed session 39. -- Subject: Session 39 has been terminated -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- Documentation: https://www.freedesktop.org/wiki/Software/systemd/multiseat -- -- A session with the ID 39 has been terminated. _______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
