Thanks, but when I try to use the admin user (default user created by IPA), I am able to log in. The issue is happening only with new users we are trying to create.
=== TEST user Login Logs:
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=test]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [test] from [<ALL>]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [test] from [<ALL>]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: test
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 13615
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info] (0x0100): Got request for [3][1][name=test]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: test
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 13615
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): Got request with the following data
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): user: test
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): ruser:
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): authtok type: 1
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): cli_pid: 13615
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer] (0x0100): cmd [241] uid [1312800003] gid [1312800003] validate [true] enterprise principal [false] offline [false] UPN [[email protected]]
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1312800003_XXXXXX] keytab: [/etc/krb5.keytab]
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ [email protected]]
(Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging sd.int
(Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
(Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
(Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pam replied to ping
(Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service ssh replied to ping
(Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pac replied to ping
(Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service nss replied to ping
(Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service sd.int replied to ping
(Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625]]]] [get_and_save_tgt] (0x0020): 981: [-1765328361][Password has expired]
(Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625]]]] [map_krb5_error] (0x0020): 1043: [-1765328360][Preauthentication failed]
(Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [child_sig_handler] (0x0100): child [13625] finished successfully.
(Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [ipa_get_migration_flag_done] (0x0100): Password migration is not enabled.
(Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 17, <NULL>) [Success]
(Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] (0x0100): Sending result [17][sd.int]
(Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] (0x0100): Sent result [17][sd.int]
(Thu Mar 26 19:30:55 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [17][sd.int]
(Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging sd.int
(Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
(Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
(Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pam replied to ping
(Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service ssh replied to ping
(Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pac replied to ping
(Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service nss replied to ping
(Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service sd.int replied to ping

ADMIN User Logs:
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: admin
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 13644
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): Got request with the following data
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): user: admin
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): ruser:
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): authtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): cli_pid: 13644
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): Sending result [0][sd.int]
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][sd.int]
(Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [admin] from [<ALL>]
(Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: admin
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 13648
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: admin
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 13648
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): Got request with the following data
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): domain: sd.int
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): user: admin
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): service: sshd
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): ruser:
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): rhost: 125.63.90.34
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): authtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): priv: 0
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): cli_pid: 13648
(Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): Sending result [0][sd.int]
(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][sd.int]
(Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [admin] from [<ALL>]
(Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [[email protected]]
(Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [1312800000]
====

Best Regards,
Yogesh Sharma
Email: [email protected] <[email protected]> | Web: www.initd.in <http://www.initd.in>
RHCE, VCE-CIA, RackSpace Cloud U
[image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000>

On Thu, Mar 26, 2015 at 7:10 PM, Simo Sorce <[email protected]> wrote:

> On Thu, 2015-03-26 at 15:42 +0530, Yogesh Sharma wrote:
> > Hi,
> >
> > We are getting an error while trying to ssh using users created in IPA
> > server.
> >
> > root@yogesh-ubuntu-pc:~# ssh -vvv [email protected]
>
> You should use the machine's fully qualified name if you want to login
> using GSSAPI/Krb5, an IP address cannot be resolved to a proper key as
> keys are registered into the KDC as
> host/machine.fully.qualified.name@REALM.
>
> It's the same thing as with HTTPS, the client needs to know the "name" of
> the server in order to be able to properly communicate with it.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
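
Added example, not part of the original message and not SSSD project code: a Python triage pass over an SSSD debug log like the one above. It splits entries on their header even when the log has been flattened onto one line, then pairs each PAM reply status with the request's user and command and with any krb5_child failures logged at level 0x0020 or more severe. The names `parse`, `triage` and `SAMPLE` are assumptions made for this illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "ts comp func level msg")

# Header of one SSSD debug entry: (timestamp) [component] [function] (0xLEVEL):
HEADER = re.compile(
    r"\((?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\) "
    r"(?P<comp>\[+sssd\S*) \[(?P<func>\w+)\] \(0x(?P<level>[0-9a-fA-F]{4})\): ?"
)
KRB5_ERR = re.compile(r"\[(-?\d+)\]\[([^\]]+)\]")       # "[code][error text]"
PAM_REPLY = re.compile(r"received: \[(\d+)\]\[([^\]]+)\]")  # "[status][domain]"

# Constructed sample: entries taken from the log above, abridged, left on one line.
SAMPLE = (
    "(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE "
    "(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: test "
    "(Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625]]]] [get_and_save_tgt] (0x0020): 981: [-1765328361][Password has expired] "
    "(Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625]]]] [map_krb5_error] (0x0020): 1043: [-1765328360][Preauthentication failed] "
    "(Thu Mar 26 19:30:55 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [17][sd.int] "
    "(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION "
    "(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: admin "
    "(Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][sd.int]"
)

def parse(text):
    """Split a log into entries; works even when several entries share one line."""
    heads = list(HEADER.finditer(text))
    out = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        msg = " ".join(text[h.end():end].split())  # message runs to the next header
        out.append(Entry(h["ts"], h["comp"], h["func"], int(h["level"], 16), msg))
    return out

def triage(text):
    """Pair each PAM reply with its request and the krb5_child errors before it."""
    results, user, command, krb5 = [], None, None, []
    for e in parse(text):
        if e.func == "pam_print_data" and e.comp == "[sssd[pam]]":
            key, _, val = e.msg.partition(": ")
            if key == "command":
                command = val
            elif key == "user":
                user = val
        elif "krb5_child" in e.comp and e.level <= 0x0020:  # fatal or critical
            krb5 += [(int(c), t) for c, t in KRB5_ERR.findall(e.msg)]
        elif e.func == "pam_dp_process_reply":
            m = PAM_REPLY.search(e.msg)
            if m:
                results.append({"user": user, "command": command,
                                "pam_status": int(m[1]), "krb5_errors": krb5})
                krb5 = []
    return results
```

Calling `triage()` on the full text of an SSSD log file returns one record per PAM reply, so a failed login can be read next to the Kerberos error that preceded it.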
