I enrolled my client using below command previously it was working for other old freeipa server with 3.0 version, Now I enrolled this client 3.0 version with new IPA server with version 4.6.
ipa-client-install --mkhomedir --server=ipa1.example.com --domain= example.com Below are config currently on my client machine *england-web-dev:/home/ansible # *cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth *england-web-dev:/home/ansible # *cat /etc/pam.d/password-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so On Mon, Mar 23, 2020 at 1:14 AM Alexander Bokovoy <[email protected]> wrote: > On ma, 23 maalis 2020, Faraz Younus via FreeIPA-users wrote: > >I'm not getting logs on sssd while accessing ssh however I'm getting logs > >in secure logs, it is looking for linux user > > How did you enroll this machine? What distribution does it run? > > Then you need to check your pam configuration for ssh server to see what > is there. On RHEL/Fedora it is /etc/pam.d/sshd. If it has > > auth substack password-auth > auth include postlogin > > then /etc/pam.d/password-auth defines what authentication is used. > > There should be pam_sss mentioned. > > For details see manual page for pam.d(5). > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
