Hi Rob, Thank you for your email. I've identified the issue. When attempting to create a user using the 'ipa user-add' command and defining the UID and GID according to my specifications, the UID falls within the 4-digit range, for instance, 4141. The IPA IDs range during installation was set to 770000. Users created within this range are accepted with their passwords. However, users created with UIDs like 4141 or 4142 encounter issues.
Looks like attributes, were not creating objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry, ipantuserattrs If i mention uid and gid using ipa user-add command ipantuserattrs is not getting create. I tried to modify default range but it dint happened. On Mon, 27 Nov 2023 at 9:41 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > Pradeep KNS wrote: > > Hi, > > I have installed an ipa with internal dns.After installing updated > > entries on dns as well. > > > > My main criteria is to communicate with ipa clients with ssh keybased > > authentication which is working fine. > > > > Today i tot of i want to test with password based authentication which > > is not happening.I dont know where i am missing > > > > > > [r...@example.com <mailto:r...@example.com>]# ipa --version > > VERSION: 4.10.1, API_VERSION: 2.251 > > [r...@example.com <mailto:r...@example.com>]# > > > > ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING > > BACKTRACE: > > * (2023-11-23 19:33:16): [krb5_child[11588]] [tgt_req_child] > > (0x1000): [RID#15] Password was expired > > The user's password is expired. > > IPA intends that only the end-user knows their password. So if it is set > or reset by an administrator the user will need to change it. > > Is the user not prompted to reset it? > > rob > > > * (2023-11-23 19:33:16): [krb5_child[11588]] [sss_krb5_responder] > > (0x4000): [RID#15] Got question [password]. > > * (2023-11-23 19:33:16): [krb5_child[11588]] [map_krb5_error] > > (0x0020): [RID#15] 2138: [-1765328324][Generic error (see e-text)] > > ********************** BACKTRACE DUMP ENDS HERE > > ********************************* > > > > ssh log > > > > Nov 23 19:33:16 test-example.com <http://test-example.com> sshd[11586]: > > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > > tty=ssh ruser= rhost=10.10.1.1 user=harsh > > Nov 23 19:33:16 test-example.com <http://test-example.com> sshd[11586]: > > pam_sss(sshd:auth): received for user harsh: 4 (System error) > > Nov 23 19:33:18test-example.com <http://18test-example.com> sshd[11584]: > > error: PAM: Authentication failure for harsh from 10.10.1.1 > > Nov 23 19:33:20 test-example.com <http://test-example.com> sshd[11584]: > > Connection closed by authenticating user harsh 10.10.1.1 port 47724 > > [preauth] > > >
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
