Tickets on the FreeIPA host after connecting (with a password): [[email protected]@neodymium ~]$ klist Ticket cache: KEYRING:persistent:998801112:krb_ccache_ZzERoB1 Default principal: [email protected]
Valid starting Expires Service principal 05/03/2017 11:26:03 05/03/2017 21:26:03 krbtgt/ [email protected] renew until 05/04/2017 11:26:03 Tickets on the AD laptop after a connection attempt: C:\Users\adm.tiemen.CLIENTS>klist Current LogonId is 0:0x587aa Cached Tickets: (2) #0> Client: adm.tiemen @ CLIENTS.RDMEDIA.COM Server: krbtgt/CLIENTS.RDMEDIA.COM @ CLIENTS.RDMEDIA.COM KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96 Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize Start Time: 5/3/2017 11:12:46 (local) End Time: 5/3/2017 21:12:46 (local) Renew Time: 5/10/2017 11:12:46 (local) Session Key Type: AES-256-CTS-HMAC-SHA1-96 Cache Flags: 0x1 -> PRIMARY Kdc Called: vm-win-01.clients.rdmedia.com #1> Client: adm.tiemen @ CLIENTS.RDMEDIA.COM Server: LDAP/vm-win-01.clients.rdmedia.com/clients.rdmedia.com @ CLIENTS.RDMEDIA.COM KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96 Ticket Flags 0x40a50000 -> forwardable renewable pre_authent ok_as_delegate name_canonicalize Start Time: 5/3/2017 11:12:46 (local) End Time: 5/3/2017 21:12:46 (local) Renew Time: 5/10/2017 11:12:46 (local) Session Key Type: AES-256-CTS-HMAC-SHA1-96 Cache Flags: 0 Kdc Called: vm-win-01.clients.rdmedia.com On 2 May 2017 at 19:45, Tiemen Ruiten <[email protected]> wrote: > It's a CentOS 7.3 host, the version of sssd is 1.14.0, so there's no need > for mapping. However on the AD host: > > Microsoft Windows [Version 6.3.9600] > > (c) 2013 Microsoft Corporation. All rights reserved. > > > adm.tiemen@VM-WIN-01 C:\Users\adm.tiemen>klist > > > Current LogonId is 0:0x603b58 > > > Cached Tickets: (0) > > > adm.tiemen@VM-WIN-01 C:\Users\adm.tiemen> > > Note that this is the domain controller and I'm logged in using the > experimental Win32-OpenSSH server. Not sure if that makes a difference. I > am not currently in the office, so unfortunately can't turn on the only > joined laptop in this domain. > > How can I ensure a proper ticket is generated? > > On 2 May 2017 at 18:25, Sumit Bose <[email protected]> wrote: > >> On Tue, May 02, 2017 at 05:46:34PM +0200, Tiemen Ruiten wrote: >> > I think I just realised that my expectation may be wrong: GSSAPI login >> with >> > a FreeIPA user logged in on an AD host to a FreeIPA host works. So is it >> > correct to also expect passwordless login with an AD user to a FreeIPA >> host? >> >> The AD user case should work as well. >> >> First please send the SSSD version you use on the IPA client, >> alternatively you can check if >> /var/lib/sss/pubconf/krb5.include.d/localauth_plugin exists or not. This >> would tell if SSSD can map the user name to the Kerberos principal of if >> additional configuration is needed. >> >> On the AD host please check after trying to connect with ssh if there is >> a proper service ticket for the IPA client by calling 'klist' in cmd.exe >> or PowerShell. >> >> bye, >> Sumit >> >> > >> > On 2 May 2017 at 17:40, Jason B. Nance <[email protected]> wrote: >> > >> > > Hi Tiemen, >> > > >> > > To be clear, what I'm trying to do: log in from an AD account >> > > (adm.tiemen), from an AD host (leon.clients.rdmedia.com) to a FreeIPA >> > > host (neodymium.test.ams.i.rdmedia.com) with the same AD account. I >> > > expect to be logged in through GSSAPI, instead I get a password >> prompt. >> > > >> > > I'm assuming that you are coming from a Windows client that is domain >> > > joined and logged into that Windows client with the same domain >> credentials >> > > that you are using to connect to the IPA-joined host. Do you also >> have >> > > your SSH client configured to attempt GSSAPI? It appears that you do >> from >> > > the logs you provided but I'm just double-checking. >> > > >> > > In my setup I've found that this feature does not work all of the >> time. >> > > I've not yet been able to track it down and I'm assuming it has >> something >> > > to do with connections to domain controllers timing out, but at this >> point >> > > that is speculation. >> > > >> > > So to answer your question, yes, that should work. Sorry I don't have >> > > more information for you, I guess I'm basically "me too"ing your post. >> > > >> > > Regards, >> > > >> > > j >> > > >> > > Is this supposed to work? Did I miss something? >> > > >> > > Below the SSH log from the FreeIPA host with LogLevel DEBUG3: >> > > >> > > May 2 17:10:32 neodymium sshd[572]: debug3: fd 5 is not O_NONBLOCK >> > > May 2 17:10:32 neodymium sshd[572]: debug1: Forked child 752. >> > > May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: >> entering fd >> > > = 8 config len 922 >> > > May 2 17:10:32 neodymium sshd[572]: debug3: ssh_msg_send: type 0 >> > > May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: done >> > > May 2 17:10:32 neodymium sshd[752]: debug3: oom_adjust_restore >> > > May 2 17:10:32 neodymium sshd[752]: Set /proc/self/oom_score_adj to 0 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: rexec start in 5 out 5 >> > > newsock 5 pipe 7 sock 8 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: inetd sockets after >> dupping: >> > > 3, 3 >> > > May 2 17:10:32 neodymium sshd[752]: Connection from 192.168.10.155 >> port >> > > 53106 on 192.168.50.63 port 22 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: Client protocol version >> 2.0; >> > > client software version PuTTY_KiTTY >> > > May 2 17:10:32 neodymium sshd[752]: debug1: no match: PuTTY_KiTTY >> > > May 2 17:10:32 neodymium sshd[752]: debug1: Enabling compatibility >> mode >> > > for protocol 2.0 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: Local version string >> > > SSH-2.0-OpenSSH_6.6.1 >> > > May 2 17:10:32 neodymium sshd[752]: debug2: fd 3 setting O_NONBLOCK >> > > May 2 17:10:32 neodymium sshd[752]: debug3: ssh_sandbox_init: >> preparing >> > > rlimit sandbox >> > > May 2 17:10:32 neodymium sshd[752]: debug2: Network child is on pid >> 753 >> > > May 2 17:10:32 neodymium sshd[752]: debug3: preauth child monitor >> started >> > > May 2 17:10:32 neodymium sshd[752]: debug1: SELinux support disabled >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: privsep user:group 74:74 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: permanently_set_uid: >> 74/74 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: list_hostkey_types: >> > > ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 42 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 43 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 42 >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 43 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT sent >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT received >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5S >> lw5Ew8Mqkay+ >> > > al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve >> > > [email protected],ecdh-sha2-nistp256,ecdh-sha2- >> > > nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange- >> > > sha256,diffie-hellman-group-exchange-sha1,diffie-hellman- >> > > group14-sha1,diffie-hellman-group1-sha1 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1 >> > > [email protected],[email protected],chacha20-poly1305@ >> openssh.com >> > > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, >> > > aes192-cbc,aes256-cbc,arcfour,[email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1 >> > > [email protected],[email protected],chacha20-poly1305@ >> openssh.com >> > > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, >> > > aes192-cbc,aes256-cbc,arcfour,[email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > [email protected],[email protected],umac-64-e >> [email protected] >> > > ,[email protected],[email protected],hmac >> -sha2-512-etm@ >> > > openssh.com,[email protected],hmac-sha1-96-etm@ >> openssh.com, >> > > [email protected],hmac-md5,hmac-sha1,[email protected] >> ,umac- >> > > [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,h >> > > [email protected],hmac-sha1-96,hmac-md5-96 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > [email protected],[email protected],umac-64-e >> [email protected] >> > > ,[email protected],[email protected],hmac >> -sha2-512-etm@ >> > > openssh.com,[email protected],hmac-sha1-96-etm@ >> openssh.com, >> > > [email protected],hmac-md5,hmac-sha1,[email protected] >> ,umac- >> > > [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,h >> > > [email protected],hmac-sha1-96,hmac-md5-96 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none, >> > > [email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none, >> > > [email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > first_kex_follows 0 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> reserved 0 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > [email protected],ecdh-sha2-nistp256,ecdh-sha2- >> > > nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange- >> > > sha256,diffie-hellman-group-exchange-sha1,diffie-hellman- >> > > group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, >> > > ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > aes256-ctr,aes256-cbc,[email protected],aes192- >> > > ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected] >> > > ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > aes256-ctr,aes256-cbc,[email protected],aes192- >> > > ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected] >> > > ,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2- >> > > [email protected],[email protected],hmac-sha1-96-e >> [email protected] >> > > ,[email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2- >> > > [email protected],[email protected],hmac-sha1-96-e >> [email protected] >> > > ,[email protected] [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> none,zlib >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> none,zlib >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> > > first_kex_follows 0 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: >> reserved 0 >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup >> > > hmac-sha2-256 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: kex: client->server >> > > aes256-ctr hmac-sha2-256 none [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup >> > > hmac-sha2-256 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: kex: server->client >> > > aes256-ctr hmac-sha2-256 none [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: kex: >> > > [email protected] need=32 dh_need=32 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 120 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 121 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 120 >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 121 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: kex: >> > > [email protected] need=32 dh_need=32 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 120 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 121 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 120 >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 121 >> > > May 2 17:10:32 neodymium sshd[752]: debug1: expecting >> > > SSH2_MSG_KEX_ECDH_INIT [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign entering >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 6 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign: waiting for >> > > MONITOR_ANS_SIGN [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 7 [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 6 >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign: signature >> > > 0x7f7ea34ed250(83) >> > > May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 7 >> > > May 2 17:10:32 neodymium sshd[752]: debug2: monitor_read: 6 used >> once, >> > > disabling now >> > > May 2 17:10:32 neodymium sshd[752]: debug2: kex_derive_keys [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug2: set_newkeys: mode 1 >> [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS sent >> > > [preauth] >> > > May 2 17:10:32 neodymium sshd[752]: debug1: expecting >> SSH2_MSG_NEWKEYS >> > > [preauth] >> > > May 2 17:10:33 neodymium sshd[752]: debug2: set_newkeys: mode 0 >> [preauth] >> > > May 2 17:10:33 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS received >> > > [preauth] >> > > May 2 17:10:33 neodymium sshd[752]: debug1: KEX done [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user >> > > [email protected] service ssh-connection method none >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 >> [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 8 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow: >> waiting for >> > > MONITOR_ANS_PWNAM [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 9 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 8 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow >> > > May 2 17:10:42 neodymium sshd[752]: debug3: Trying to reverse map >> address >> > > 192.168.10.155. >> > > May 2 17:10:42 neodymium sshd[752]: debug2: parse_server_config: >> config >> > > reprocess config len 922 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow: >> sending >> > > MONITOR_ANS_PWNAM: 1 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 9 >> > > May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 8 used >> once, >> > > disabling now >> > > May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: >> > > setting up authctxt for [email protected] [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_start_pam entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 100 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authserv >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 4 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authrole >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 80 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: >> try >> > > method none [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: userauth_finish: failure >> > > partial=0 next methods="publickey,gssapi-keye >> x,gssapi-with-mic,password,keyboard-interactive" >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 100 >> > > May 2 17:10:42 neodymium sshd[752]: debug1: PAM: initializing for " >> > > [email protected]" >> > > May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_RHOST to >> > > "192.168.10.155" >> > > May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_TTY to >> "ssh" >> > > May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 100 used >> once, >> > > disabling now >> > > May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user >> > > [email protected] service ssh-connection method >> > > gssapi-with-mic [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 >> [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: >> try >> > > method gssapi-with-mic [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 42 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 43 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 4 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authserv: >> > > service=ssh-connection, style= >> > > May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 4 used >> once, >> > > disabling now >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 80 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authrole: role= >> > > May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 80 used >> once, >> > > disabling now >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 42 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 43 >> > > May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for >> > > [email protected] from 192.168.10.155 port 53106 ssh2 >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user >> > > [email protected] service ssh-connection method >> > > keyboard-interactive [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 >> [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: >> try >> > > method keyboard-interactive [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: keyboard-interactive devs >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge: user= >> > > [email protected] devs= [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: kbdint_alloc: devices >> 'pam' >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug2: auth2_challenge_start: >> > > devices pam [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug2: kbdint_next_device: >> devices >> > > <empty> [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge_start: >> trying >> > > authentication method 'pam' [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx >> [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 104 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx: >> waiting >> > > for MONITOR_ANS_PAM_INIT_CTX [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 105 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 104 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_init_ctx >> > > May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_init_ctx >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 105 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 106 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: waiting >> for >> > > MONITOR_ANS_PAM_QUERY [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect >> > > entering: type 107 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking >> > > request 106 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_query >> > > May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_query >> entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: ssh_msg_recv entering >> > > May 2 17:10:42 neodymium sshd[766]: debug3: PAM: sshpam_thread_conv >> > > entering, 1 messages >> > > May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_send: type 1 >> > > May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_recv entering >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: >> > > type 107 >> > > May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: >> pam_query >> > > returned 0 [preauth] >> > > May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive >> for >> > > [email protected] from 192.168.10.155 port 53106 ssh2 >> > > [preauth] >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > -- >> > > Tiemen Ruiten >> > > Systems Engineer >> > > R&D Media >> > > >> > > -- >> > > Manage your subscription for the Freeipa-users mailing list: >> > > https://www.redhat.com/mailman/listinfo/freeipa-users >> > > Go to http://freeipa.org for more info on the project >> > > >> > > >> > > >> > >> > >> > -- >> > Tiemen Ruiten >> > Systems Engineer >> > R&D Media >> >> > -- >> > Manage your subscription for the Freeipa-users mailing list: >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> > Go to http://freeipa.org for more info on the project >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media > -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
