Hi Everybody.
I ran into a strange problem today: I reset a user password in the GUI to "Test1234" for testing but when I tried to login as that user and enter the password, I got an authentication error. Does anyone know why this might be occurring or how I can debug it? Here are some additional details: * OS: CentOS 6.2 * FreeIPA: 2.1.3 Here are the steps I went through: 1. I log into the server as "A". 2. I run "kinit admin 3. I add a user "B" with password: "F00bar5pam!" 4. I verify that the user exists https://localhost 5. I reset the password in the web interface to "Test1234" (yeah, I know, completely lame) 6. The GUI tells me that it reset. 7. I then try "ssh B@some-host" using the "Test1234" and get permission denied. That is odd, it may indicate an HBAC error. 8. So I try "su - B" with password "Test1234" and get "su: incorrect password" 9. Now I am stumped so I look /var/log/secure and see these entries: Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): authentication failure; logname=A uid=500 euid=0 tty=pts/1 ruser=A rhost= user=B Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): received for B: 4 (System error) 10. I didn't see anything strange in /var/log/dirsrv/slapd-EXAMPLE-COM/access 11. I didn't see anything strange in /var/log/dirsrc/slapd-PKI-API/access 12. I didn't see any SELinux errors in /var/log/audit/audit.log 13. I didn't see anything suspicious in /var/log/krb5kdc.log 14. In /var/log/pki-ca/debug there was some stuff about no sessions have been created but I am not sure whether that has anything to do with this What is system error 4 (step #9)? Is that the source of the problem? Any help would be greatly appreciated. Thanks, Joe
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users