> I think I just realised that my expectation may be wrong: GSSAPI login with a > FreeIPA user logged in on an AD host to a FreeIPA host works. So is it correct > to also expect passwordless login with an AD user to a FreeIPA host?
If your FreeIPA domain trusts the AD domain, then yes, you can use an AD user to login to a FreeIPA-joined Linux host from a domain-joined Windows client where you are logged into the Windows client as the AD user (assuming you have your HBACs setup to allow - if you didn't password auth wouldn't work either). Unless you've configured "default_domain_suffix" in sssd.conf the user name is "[email protected]". If you have configured "default_domain_suffix" make sure that your user names in AD don't conflict with the user names in IPA. Regards, j > On 2 May 2017 at 17:40, Jason B. Nance < [ mailto:[email protected] | > [email protected] ] > wrote: >> Hi Tiemen, >>> To be clear, what I'm trying to do: log in from an AD account (adm.tiemen), >>> from >>> an AD host ( [ http://leon.clients.rdmedia.com/ | leon.clients.rdmedia.com >>> ] ) >>> to a FreeIPA host ( [ http://neodymium.test.ams.i.rdmedia.com/ | >>> neodymium.test.ams.i.rdmedia.com ] ) with the same AD account. I expect to >>> be >>> logged in through GSSAPI, instead I get a password prompt. >> I'm assuming that you are coming from a Windows client that is domain joined >> and >> logged into that Windows client with the same domain credentials that you are >> using to connect to the IPA-joined host. Do you also have your SSH client >> configured to attempt GSSAPI? It appears that you do from the logs you >> provided >> but I'm just double-checking. >> In my setup I've found that this feature does not work all of the time. I've >> not >> yet been able to track it down and I'm assuming it has something to do with >> connections to domain controllers timing out, but at this point that is >> speculation. >> So to answer your question, yes, that should work. Sorry I don't have more >> information for you, I guess I'm basically "me too"ing your post. >> Regards, >> j >>> Is this supposed to work? Did I miss something? >>> Below the SSH log from the FreeIPA host with LogLevel DEBUG3: >>> May 2 17:10:32 neodymium sshd[572]: debug3: fd 5 is not O_NONBLOCK >>> May 2 17:10:32 neodymium sshd[572]: debug1: Forked child 752. >>> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: entering fd = >>> 8 >>> config len 922 >>> May 2 17:10:32 neodymium sshd[572]: debug3: ssh_msg_send: type 0 >>> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: done >>> May 2 17:10:32 neodymium sshd[752]: debug3: oom_adjust_restore >>> May 2 17:10:32 neodymium sshd[752]: Set /proc/self/oom_score_adj to 0 >>> May 2 17:10:32 neodymium sshd[752]: debug1: rexec start in 5 out 5 newsock 5 >>> pipe 7 sock 8 >>> May 2 17:10:32 neodymium sshd[752]: debug1: inetd sockets after dupping: 3, >>> 3 >>> May 2 17:10:32 neodymium sshd[752]: Connection from 192.168.10.155 port >>> 53106 on >>> 192.168.50.63 port 22 >>> May 2 17:10:32 neodymium sshd[752]: debug1: Client protocol version 2.0; >>> client >>> software version PuTTY_KiTTY >>> May 2 17:10:32 neodymium sshd[752]: debug1: no match: PuTTY_KiTTY >>> May 2 17:10:32 neodymium sshd[752]: debug1: Enabling compatibility mode for >>> protocol 2.0 >>> May 2 17:10:32 neodymium sshd[752]: debug1: Local version string >>> SSH-2.0-OpenSSH_6.6.1 >>> May 2 17:10:32 neodymium sshd[752]: debug2: fd 3 setting O_NONBLOCK >>> May 2 17:10:32 neodymium sshd[752]: debug3: ssh_sandbox_init: preparing >>> rlimit >>> sandbox >>> May 2 17:10:32 neodymium sshd[752]: debug2: Network child is on pid 753 >>> May 2 17:10:32 neodymium sshd[752]: debug3: preauth child monitor started >>> May 2 17:10:32 neodymium sshd[752]: debug1: SELinux support disabled >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: privsep user:group 74:74 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: permanently_set_uid: 74/74 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: list_hostkey_types: >>> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 42 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 43 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request >>> 42 >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 43 >>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT sent [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT received >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==, >>> [ mailto:[email protected] | [email protected] ] >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-md5,hmac-sha1, [ mailto:[email protected] | [email protected] ] , >>> [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-sha1-96,hmac-md5-96 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-md5,hmac-sha1, [ mailto:[email protected] | [email protected] ] , >>> [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, [ >>> mailto:[email protected] | [email protected] ] >>> ,hmac-sha1-96,hmac-md5-96 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none, [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none, [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> first_kex_follows >>> 0 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [ >>> mailto:[email protected] | [email protected] ] >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> aes256-ctr,aes256-cbc, [ mailto:[email protected] | >>> [email protected] ] ,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc, >>> [ >>> mailto:[email protected] | [email protected] ] >>> ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> aes256-ctr,aes256-cbc, [ mailto:[email protected] | >>> [email protected] ] ,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc, >>> [ >>> mailto:[email protected] | [email protected] ] >>> ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5, [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5, [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] , [ >>> mailto:[email protected] | [email protected] ] [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >>> first_kex_follows >>> 0 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: client->server aes256-ctr >>> hmac-sha2-256 none [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: server->client aes256-ctr >>> hmac-sha2-256 none [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: [ >>> mailto:[email protected] | [email protected] ] need=32 >>> dh_need=32 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 120 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 121 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request >>> 120 >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 121 >>> May 2 17:10:32 neodymium sshd[752]: debug1: kex: [ >>> mailto:[email protected] | [email protected] ] need=32 >>> dh_need=32 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 120 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 121 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request >>> 120 >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 121 >>> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign entering [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 6 >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign: waiting for >>> MONITOR_ANS_SIGN [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 7 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 6 >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign: signature >>> 0x7f7ea34ed250(83) >>> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 7 >>> May 2 17:10:32 neodymium sshd[752]: debug2: monitor_read: 6 used once, >>> disabling >>> now >>> May 2 17:10:32 neodymium sshd[752]: debug2: kex_derive_keys [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug2: set_newkeys: mode 1 [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS sent [preauth] >>> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_NEWKEYS >>> [preauth] >>> May 2 17:10:33 neodymium sshd[752]: debug2: set_newkeys: mode 0 [preauth] >>> May 2 17:10:33 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS received >>> [preauth] >>> May 2 17:10:33 neodymium sshd[752]: debug1: KEX done [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user [ >>> mailto:[email protected] | [email protected] ] >>> service ssh-connection method none [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 8 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow: waiting for >>> MONITOR_ANS_PWNAM [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 9 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 8 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow >>> May 2 17:10:42 neodymium sshd[752]: debug3: Trying to reverse map address >>> 192.168.10.155. >>> May 2 17:10:42 neodymium sshd[752]: debug2: parse_server_config: config >>> reprocess config len 922 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow: sending >>> MONITOR_ANS_PWNAM: 1 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 9 >>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 8 used once, >>> disabling >>> now >>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: setting >>> up >>> authctxt for [ mailto:[email protected] | >>> [email protected] ] [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_start_pam entering [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 100 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authserv entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 4 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authrole entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 80 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try >>> method >>> none [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: userauth_finish: failure >>> partial=0 >>> next >>> methods="publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive" >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request >>> 100 >>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: initializing for " [ >>> mailto:[email protected] | [email protected] ] " >>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_RHOST to >>> "192.168.10.155" >>> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_TTY to "ssh" >>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 100 used once, >>> disabling now >>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user [ >>> mailto:[email protected] | [email protected] ] >>> service ssh-connection method gssapi-with-mic [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try >>> method >>> gssapi-with-mic [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 42 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 43 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 4 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authserv: >>> service=ssh-connection, style= >>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 4 used once, >>> disabling >>> now >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request >>> 80 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authrole: role= >>> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 80 used once, >>> disabling now >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request >>> 42 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 43 >>> May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for [ >>> mailto:[email protected] | [email protected] ] >>> from >>> 192.168.10.155 port 53106 ssh2 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user [ >>> mailto:[email protected] | [email protected] ] >>> service ssh-connection method keyboard-interactive [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try >>> method >>> keyboard-interactive [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: keyboard-interactive devs >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge: user= [ >>> mailto:[email protected] | [email protected] ] >>> devs= >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: kbdint_alloc: devices 'pam' >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug2: auth2_challenge_start: devices >>> pam >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug2: kbdint_next_device: devices >>> <empty> >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge_start: trying >>> authentication method 'pam' [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 104 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx: waiting for >>> MONITOR_ANS_PAM_INIT_CTX [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 105 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request >>> 104 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_init_ctx >>> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_init_ctx entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 105 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 106 >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: waiting for >>> MONITOR_ANS_PAM_QUERY [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >>> entering: >>> type 107 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> [preauth] >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request >>> 106 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_query >>> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_query entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: ssh_msg_recv entering >>> May 2 17:10:42 neodymium sshd[766]: debug3: PAM: sshpam_thread_conv >>> entering, 1 >>> messages >>> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_send: type 1 >>> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_recv entering >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type >>> 107 >>> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: pam_query >>> returned >>> 0 [preauth] >>> May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for [ >>> mailto:[email protected] | [email protected] ] >>> from >>> 192.168.10.155 port 53106 ssh2 [preauth] >>> -- >>> Tiemen Ruiten >>> Systems Engineer >>> R&D Media >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> [ https://www.redhat.com/mailman/listinfo/freeipa-users | >>> https://www.redhat.com/mailman/listinfo/freeipa-users ] >>> Go to [ http://freeipa.org/ | http://freeipa.org ] for more info on the >>> project > -- > Tiemen Ruiten > Systems Engineer > R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
