What is the content of the log when SSSD is doing auth? When I log in with an IPA domain client, the output of the log is (anything non-standard?):

Jan 5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user= r...@example.com
Jan 5 12:08:37 ipaserver sshd[24434]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user= r...@example.com
Jan 5 12:08:37 ipaserver sshd[24434]: Accepted password for ron@EXAMPLE.COM from 192.168.227.1 port 57144 ssh2
Jan 5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:session): session opened for user r...@example.com by (uid=0)

Here is the /etc/pam.d/system-auth file:
https://gist.github.com/anonymous/8273507
It does contain the pam_sss.so module.

When I created the environment, first I installed the IPA server, then joined the IPA clients and finally created the trust.

2014/1/5 Dmitri Pal <d...@redhat.com>

> On 01/04/2014 06:13 PM, Genadi Postrilko wrote:
>
> Output from /var/log/secure:
>
> Jan 4 15:03:02 ipaserver sshd[5958]: Invalid user Administrator@ADDC.COM from 192.168.227.1
> Jan 4 15:03:02 ipaserver sshd[5959]: input_userauth_request: invalid user administra...@addc.com
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; user unknown
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1
> Jan 4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error retrieving information about user administra...@addc.com
> Jan 4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user administra...@addc.com from 192.168.227.1 port 53125 ssh2
>
> I do not see SSSD doing auth.
> Is pam_sss configured for PAM for SSH?
> See more details here:
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys
> http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf
>
> I do not see a simple HowTo to configure SSH to use SSSD for cases when
> ipa-client-install is not used. Maybe we should provide one.
> The expectation is:
> You install IPA, create trust, join client to IPA using ipa-client-install
> and it configures everything you need.
> The order of the last two steps can be reversed but the result should be the
> same.
>
> 2014/1/3 Genadi Postrilko <genadip...@gmail.com>
>
>> Here are the other logs as well (ldap_child.log, sssd_pac.log,
>> sssd_ssh.log).
>>
>> https://gist.github.com/anonymous/8242061
>>
>> I attempted to log in (as administra...@addc.com) at 9:04.
>>
>> Thanks for the help.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
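
Added example (not part of the original thread): one way to check, per sshd PID, whether pam_sss took part in the auth phase, which is the difference between the two /var/log/secure excerpts above. The sample lines are constructed after those excerpts with placeholder user names, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the /var/log/secure excerpts in the thread
# (user names are placeholders, not values from the page).
SAMPLE = """\
Jan  5 12:08:37 ipaserver sshd[24434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user=user1@example.com
Jan  5 12:08:37 ipaserver sshd[24434]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1 user=user1@example.com
Jan  5 12:08:37 ipaserver sshd[24434]: Accepted password for user1@example.com from 192.168.227.1 port 57144 ssh2
Jan  4 15:03:02 ipaserver sshd[5958]: Invalid user user2@ad.example from 192.168.227.1
Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; user unknown
Jan  4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.1
Jan  4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user user2@ad.example from 192.168.227.1 port 53125 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PAM = re.compile(r"^(?P<module>pam_\w+)\(sshd:auth\): (?P<text>.*)$")

def summarize(log_text):
    """Group sshd lines by PID and report which PAM modules logged during auth."""
    sessions = defaultdict(lambda: {"modules": {}, "unknown_user": False, "result": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        pam = PAM.match(msg)
        if pam:
            # Keep the text before the first ';' (e.g. "authentication success").
            s["modules"].setdefault(pam["module"], []).append(pam["text"].split(";")[0])
        elif msg.startswith("Invalid user "):
            s["unknown_user"] = True   # sshd could not resolve the name via NSS
        elif msg.startswith("Accepted "):
            s["result"] = "accepted"
        elif msg.startswith("Failed "):
            s["result"] = "failed"
    return dict(sessions)

def sss_participated(session):
    """True when pam_sss wrote at least one auth-phase line for this sshd PID."""
    return "pam_sss" in session["modules"]

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s["result"], "pam_sss seen" if sss_participated(s) else "no pam_sss line",
              "| user unknown to NSS" if s["unknown_user"] else "")
```

A PID that shows "Invalid user" and no pam_sss line matches the failing login in the thread; pam_unix failing first and pam_sss succeeding afterwards matches the working IPA login.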