I have tried with FQDN of host also as registered, but error remain same: (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [unpack_buffer] (0x0100): cmd [241] uid [1312800004] gid [1312800004] validate [true] enterprise principal [false] offline [false] UPN [[email protected]] (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [unpack_buffer] (0x0100): ccname: [FILE:/tmp/krb5cc_1312800004_XXXXXX] keytab: [/etc/krb5.keytab] (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ [email protected]] (Thu Mar 26 19:43:02 2015) [[sssd[krb5_child[13730]]]] [get_and_save_tgt] (0x0020): 981: [-1765328361][Password has expired] (Thu Mar 26 19:43:06 2015) [[sssd[krb5_child[13730]]]] [map_krb5_error] (0x0020): 1043: [-1765328360][Preauthentication failed] (Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [child_sig_handler] (0x0100): child [13730] finished successfully. (Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [ipa_get_migration_flag_done] (0x0100): Password migration is not enabled. (Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 17, <NULL>) [Success]
Once I manually initialize the user Ticket on IPA Server using kinit username, I am able to login with and without FQDN. [root@ldap-inf-stg-sg1-01 lib]# kinit test1 Password for [email protected]: Password expired. You must change it now. Enter new password: Enter it again: Password change rejected: Password is too short Password not changed.. Please try again. Enter new password: Enter it again: root@yogesh-ubuntu-pc:/home/yogesh# ssh [email protected] [email protected]'s password: Last login: Thu Mar 26 19:45:36 2015 from 125.63.90.34 -sh-4.1$ logout Connection to dns-inf-stg-sg1-01.sd.int closed. root@yogesh-ubuntu-pc:/home/yogesh# ssh [email protected] [email protected]'s password: Last login: Thu Mar 26 19:45:55 2015 from 125.63.90.34 -sh-4.1$ *Best Regards,__________________________________________* *Yogesh Sharma* *Email: [email protected] <[email protected]> | Web: www.initd.in <http://www.initd.in>* RHCE, VCE-CIA, RackSpace Cloud U [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> On Thu, Mar 26, 2015 at 7:42 PM, Yogesh Sharma <[email protected]> wrote: > Thanks, but when I trying to use admin user (default user created by IPA), > I am able to login. The issue is happening only with new users we are > trying to create. > > > > === > TEST user Login Logs: > > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info] > (0x0100): Got request for [4097][1][name=test] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] > (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > Requesting info for [test] from [<ALL>] > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > Requesting info for [test] from [<ALL>] > (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_cmd_authenticate] (0x0100): > entering pam_cmd_authenticate > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command: > PAM_AUTHENTICATE > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: > not set > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: > test > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service: > sshd > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: > not set > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: > 125.63.90.34 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 1 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 13615 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] > (0x0100): Request processed. Returned 0,0,Success > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info] > (0x0100): Got request for [3][1][name=test] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] > (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str] > (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success] > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse > domain SID from [(null)] > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_check_user_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending > request with the following data: > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command: > PAM_AUTHENTICATE > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: > sd.int > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: > test > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service: > sshd > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: > not set > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: > 125.63.90.34 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 1 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 13615 > (Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): > pam_dp_send_req returned 0 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] > (0x0100): Request processed. Returned 0,0,Success > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): > Got request with the following data > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > command: PAM_AUTHENTICATE > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > domain: sd.int > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > user: test > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > service: sshd > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > tty: ssh > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > ruser: > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > rhost: 125.63.90.34 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > authtok type: 1 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > priv: 1 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > cli_pid: 13615 > (Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [fo_resolve_service_send] > (0x0100): Trying to resolve service 'IPA' > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer] > (0x0100): cmd [241] uid [1312800003] gid [1312800003] validate [true] > enterprise principal [false] offline [false] UPN [[email protected]] > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [unpack_buffer] > (0x0100): ccname: [FILE:/tmp/krb5cc_1312800003_XXXXXX] keytab: > [/etc/krb5.keytab] > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] > from environment. > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from > environment. > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] > (Thu Mar 26 19:30:51 2015) [[sssd[krb5_child[13625]]]] [k5c_setup_fast] > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ > [email protected]] > (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging > sd.int > (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging nss > (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pam > (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh > (Thu Mar 26 19:30:52 2015) [sssd] [service_send_ping] (0x0100): Pinging pac > (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pam > replied to ping > (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service ssh > replied to ping > (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service pac > replied to ping > (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service nss > replied to ping > (Thu Mar 26 19:30:52 2015) [sssd] [ping_check] (0x0100): Service sd.int > replied to ping > (Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625]]]] [get_and_save_tgt] > (0x0020): 981: [-1765328361][Password has expired] > (Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625]]]] [map_krb5_error] > (0x0020): 1043: [-1765328360][Preauthentication failed] > (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [child_sig_handler] > (0x0100): child [13625] finished successfully. > (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] > [ipa_get_migration_flag_done] (0x0100): Password migration is not enabled. > (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] > (0x0100): Backend returned: (0, 17, <NULL>) [Success] > (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] > (0x0100): Sending result [17][sd.int] > (Thu Mar 26 19:30:55 2015) [sssd[be[sd.int]]] [be_pam_handler_callback] > (0x0100): Sent result [17][sd.int] > (Thu Mar 26 19:30:55 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): > received: [17][sd.int] > (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging > sd.int > (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging nss > (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pam > (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh > (Thu Mar 26 19:31:02 2015) [sssd] [service_send_ping] (0x0100): Pinging pac > (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pam > replied to ping > (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service ssh > replied to ping > (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service pac > replied to ping > (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service nss > replied to ping > (Thu Mar 26 19:31:02 2015) [sssd] [ping_check] (0x0100): Service sd.int > replied to ping > > > > > > > > > ADMIN User Logs: > > > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending > request with the following data: > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: > PAM_OPEN_SESSION > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: > sd.int > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: > admin > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: > sshd > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: > not set > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: > 125.63.90.34 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 13644 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): > pam_dp_send_req returned 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): > Got request with the following data > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > command: PAM_OPEN_SESSION > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > domain: sd.int > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > user: admin > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > service: sshd > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > tty: ssh > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > ruser: > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > rhost: 125.63.90.34 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > authtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > priv: 1 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > cli_pid: 13644 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): > Sending result [0][sd.int] > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): > received: [0][sd.int] > (Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > Requesting info for [admin] from [<ALL>] > (Thu Mar 26 19:33:45 2015) [sssd[nss]] [nss_cmd_initgroups_search] > (0x0100): Requesting info for [[email protected]] > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_cmd_setcred] (0x0100): > entering pam_cmd_setcred > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: > PAM_SETCRED > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: > not set > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: > admin > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: > sshd > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: > not set > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: > 125.63.90.34 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 13648 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_check_user_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending > request with the following data: > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): command: > PAM_SETCRED > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: > sd.int > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): user: > admin > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): service: > sshd > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: > not set > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: > 125.63.90.34 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 13648 > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): > pam_dp_send_req returned 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): > Got request with the following data > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > command: PAM_SETCRED > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > domain: sd.int > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > user: admin > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > service: sshd > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > tty: ssh > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > ruser: > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > rhost: 125.63.90.34 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > authtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > newauthtok type: 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > priv: 0 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [pam_print_data] (0x0100): > cli_pid: 13648 > (Thu Mar 26 19:33:45 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100): > Sending result [0][sd.int] > (Thu Mar 26 19:33:45 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): > received: [0][sd.int] > (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): > Requesting info for [admin] from [<ALL>] > (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): > Requesting info for [[email protected]] > (Thu Mar 26 19:33:46 2015) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): > No matching domain found for [1312800000] > > ==== > > > > > > > *Best Regards,__________________________________________* > > *Yogesh Sharma* > *Email: [email protected] <[email protected]> | Web: www.initd.in > <http://www.initd.in>* > > RHCE, VCE-CIA, RackSpace Cloud U > [image: My LinkedIn Profile] <http://in.linkedin.com/in/yks0000> > > > On Thu, Mar 26, 2015 at 7:10 PM, Simo Sorce <[email protected]> wrote: > >> On Thu, 2015-03-26 at 15:42 +0530, Yogesh Sharma wrote: >> > Hi, >> > >> > We are getting error while trying to ssh using users created in IPA >> > server. >> > >> > root@yogesh-ubuntu-pc:~# ssh -vvv [email protected] >> >> You should use the machine's fully qualified name if you want to login >> using GSSAPI/Krb5, an IP address cannot be resolved to a proper key as >> keys are registerd into the KDC as >> host/machine.fully.qualified.name@REALM. >> >> It's the same thing as with HTTPS, the client need to know the "name" of >> the server in order to be able to properly communicate with it. >> >> Simo. >> >> -- >> Simo Sorce * Red Hat, Inc * New York >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
