Hello How do I get password authentication to work with freeipa-client 3.3.4-0ubuntu3.1 on Ubuntu 14.04 for ssh and sudo?
Long version follows :) We've got an IPA server with the Red Hat Identity Management server on RHEL 7.1 servers; FreeIPA v4.1.0 is being used there. I configured users and groups there and would now like to login with SSH. When I store a SSH key for the user account, I can login just fine, using this SSH key. But I'd like/need to use passwords as well. And sudo also doesn't work, when it's asking for passwords - I supposed, it's the same root cause. Let's stick with SSH. Initially, I installed the FreeIPA client with this command line: ipa-client-install --force-join --mkhomedir --ssh-trust-dns \ --enable-dns-updates --unattended \ --principal=admin --password=correctone \ --domain=customer.company.internal \ --server=auth01.customer.company.internal I then try to do a SSH login with: ssh -l ewt@customer.company.internal 192.168.229.143 or: ssh -l ewt 192.168.229.143 Password authentication doesn't work. In the /var/log/syslog on the system where I try to login, I find this: 2015-10-02T15:33:38.771291+02:00 mgmt02 [sssd[krb5_child[14154]]]: Key table entry not found After having turned up the debug level of the sssd with "sssd -i -f -d 0x0770 --debug-timestamps=1", I find the following in the system log files: 2015-10-02T15:40:48.756399+02:00 mgmt02 sshd[14194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.71.117.1 user=ewt 2015-10-02T15:40:48.775896+02:00 mgmt02 sshd[14194]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.71.117.1 user=ewt 2015-10-02T15:40:48.775927+02:00 mgmt02 sshd[14194]: pam_sss(sshd:auth): received for user ewt: 4 (System error) 2015-10-02T15:40:50.988591+02:00 mgmt02 sshd[14194]: Failed password for ewt from 212.71.117.1 port 58136 ssh2 TBH, I don't quite understand it. Anyway, in /var/log/sssd/sssd_customer.company.internal.log I noticed: (Fri Oct 2 15:46:26 2015) [sssd[be[customer.company.internal]]] [read_pipe_handler] (0x0400): EOF received, client finished (Fri Oct 2 15:46:26 2015) [sssd[be[customer.company.internal]]] [parse_krb5_child_response] (0x0020): message too short. (Fri Oct 2 15:46:26 2015) [sssd[be[customer.company.internal]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument (Fri Oct 2 15:46:26 2015) [sssd[be[customer.company.internal]]] [ipa_auth_handler_done] (0x0040): krb5_auth_recv request failed. Well… What am I doing wrong or what might I have forgotten? Thanks a lot and best regards, Alexander -- => Google+ => http://plus.skwar.me <== => Chat (Jabber/Google Talk) => a.sk...@gmail.com <== -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project