What is the content of the log when SSSD is doing auth? When I log in with an IPA domain client, the output of the log is (anything non-standard?):
Jan 5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user= [email protected]
Jan 5 12:08:37 ipaserver sshd[24434]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user= [email protected]
Jan 5 12:08:37 ipaserver sshd[24434]: Accepted password for [email protected] 192.168.227.1 port 57144 ssh2
Jan 5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:session): session opened for user [email protected] by (uid=0)

Here is the /etc/pam.d/system-auth file:
https://gist.github.com/anonymous/8273507
It does contain the pam_sss.so module.

When I created the environment, first I installed the IPA server, then joined the IPA clients and finally created the trust.

2014/1/5 Dmitri Pal <[email protected]>

> On 01/04/2014 06:13 PM, Genadi Postrilko wrote:
>
> Output from /var/log/secure:
>
> Jan 4 15:03:02 ipaserver sshd[5958]: Invalid user [email protected] 192.168.227.1
> Jan 4 15:03:02 ipaserver sshd[5959]: input_userauth_request: invalid user [email protected]
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; user unknown
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error retrieving information about user [email protected]
> Jan 4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user [email protected] from 192.168.227.1 port 53125 ssh2
>
> I do not see SSSD doing auth.
> Is pam_sss configured for PAM for SSH?
> See more details here:
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys
> http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf
>
> I do not see a simple HowTo to configure SSH to use SSSD for cases when ipa-client-install is not used. Maybe we should provide one.
> The expectation is:
> You install IPA, create trust, join client to IPA using ipa-client-install and it configures everything you need.
> The order of the last two steps can be reversed but the result should be the same.
>
> 2014/1/3 Genadi Postrilko <[email protected]>
>
>> Here are the other logs as well (ldap_child.log, sssd_pac.log, sssd_ssh.log).
>>
>> https://gist.github.com/anonymous/8242061
>>
>> I attempted to log in (as [email protected]) at 9:04.
>>
>> Thanks for the help.
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
