Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Natxo Asenjo
On Fri, Mar 27, 2015 at 5:58 AM, Yogesh Sharma  wrote:

> (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [sss_krb5_cc_verify_ccache]
> (0x0020): 1078: [-1765328190][Credentials cache permissions incorrect]
> (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [check_old_ccache]
> (0x0040): Cannot check if saved ccache FILE:/tmp/krb5cc_131283_LTtoQU
> is valid
> (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [krb5_auth_send] (0x0020):
> check_if_ccache_file_is_used failed.
> (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [fo_resolve_service_send]
> (0x0100): Trying to resolve service 'IPA'
>

Maybe this? Could you check what the permissions are on the Kerberos cache
file for this test user?

-- 
regards,
Natxo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
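
A check for the credential cache permissions asked about above, as an added example that is not part of the original thread: it verifies that a `FILE:` ccache is a regular file owned by the uid embedded in its name. The function names and the expected mode of 600 are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect a Kerberos FILE: credential cache such as
# /tmp/krb5cc_131283_LTtoQU (the path format shown in the SSSD log above).
# Assumption: a healthy cache is a regular file, not a symlink, owned by
# the uid embedded in its name, with mode 600.

# Print "<owner uid> <octal mode>" for a path, using GNU or BSD stat.
owner_and_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1" 2>/dev/null
}

# check_ccache PATH|FILE:PATH
# Returns 0 if the cache looks sane, 1 on a finding, 2 on an unusable name.
check_ccache() {
    cc=${1#FILE:}            # accept "FILE:/tmp/..." or a bare path
    name=${cc##*/}
    case $name in
        krb5cc_[0-9]*) ;;
        *) echo "$cc: not a krb5cc_<uid> cache name"; return 2 ;;
    esac
    want_uid=${name#krb5cc_}
    want_uid=${want_uid%%_*}  # drop the random suffix after the uid
    case $want_uid in
        *[!0-9]*) echo "$cc: cannot read a uid from the name"; return 2 ;;
    esac

    # A symlink in a world-writable directory must never be followed.
    if [ -L "$cc" ]; then
        echo "$cc: is a symlink"
        return 1
    fi
    if [ ! -f "$cc" ]; then
        echo "$cc: missing or not a regular file"
        return 1
    fi

    om=$(owner_and_mode "$cc") || { echo "$cc: stat failed"; return 1; }
    have_uid=${om%% *}
    have_mode=${om##* }

    rc=0
    if [ "$have_uid" != "$want_uid" ]; then
        echo "$cc: owned by uid $have_uid, name says uid $want_uid"
        rc=1
    fi
    if [ "$have_mode" != "600" ]; then
        echo "$cc: mode $have_mode, expected 600"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "$cc: ok (uid $have_uid, mode $have_mode)"
    return "$rc"
}

# Stand-alone use: pass one or more cache paths as arguments.
if [ "$#" -gt 0 ]; then
    for c in "$@"; do
        check_ccache "$c"
    done
fi
```
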

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Jakub Hrozek
On Fri, Mar 27, 2015 at 12:34:57PM +0530, Yogesh Sharma wrote:
> No. This is the second attempt after changing the password on first login.
> 
> If you want I can re-send you the logs but this is the second login logs of
> this user.

Then it would be most interesting to see the logs of the password
change, I wonder if something went wrong there.

You said that if you change the password via kinit, then it's changed
successfully, right?

Does the wrong password change happen only on one certain host or do all
behave the same?

Did you configure the host using ipa-client-install or some manual
method? I just tested a new user with CentOS 7 server and git head
client and everything seemed to work fine.



Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Yogesh Sharma
No. This is the second attempt after changing the password on first login.

If you want I can re-send you the logs but this is the second login logs of
this user.




Best Regards,
Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RackSpace Cloud U


On Fri, Mar 27, 2015 at 12:32 PM, Jakub Hrozek  wrote:

> On Fri, Mar 27, 2015 at 10:28:13AM +0530, Yogesh Sharma wrote:
> > Hi Jakub,
> >
> > Please find the logs for the user "test" created in IPA.
> >

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Jakub Hrozek
On Fri, Mar 27, 2015 at 10:28:13AM +0530, Yogesh Sharma wrote:
> Hi Jakub,
> 
> Please find the logs for the user "test" created in IPA.
> 

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Hi Jakub,

Please find the logs for the user "test" created in IPA.

(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=test]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100):
Request processed. Returned 0,0,Success
(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_initgroups_search]
(0x0100): Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [be_get_account_info]
(0x0100): Got request for [4099][1][name=test]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_initgroups_search]
(0x0100): Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100):
Request processed. Returned 0,0,Success
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [be_get_account_info]
(0x0100): Got request for [1][1][name=test]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Mar 27 10:19:52 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100):
Request processed. Returned 0,0,Success
(Fri Mar 27 10:19:56 2015) [sssd] [service_send_ping] (0x0100): Pinging
sd.int
(Fri Mar 27 10:19:56 2015) [sssd] [service_send_ping] (0x0100): Pinging nss
(Fri Mar 27 10:19:56 2015) [sssd] [service_send_ping] (0x0100): Pinging pam
(Fri Mar 27 10:19:56 2015) [sssd] [service_send_ping] (0x0100): Pinging ssh
(Fri Mar 27 10:19:56 2015) [sssd] [service_send_ping] (0x0100): Pinging pac
(Fri Mar 27 10:19:56 2015) [sssd] [ping_check] (0x0100): Service pam
replied to ping
(Fri Mar 27 10:19:56 2015) [sssd] [ping_check] (0x0100): Service pac
replied to ping
(Fri Mar 27 10:19:56 2015) [sssd] [ping_check] (0x0100): Service ssh
replied to ping
(Fri Mar 27 10:19:56 2015) [sssd] [ping_check] (0x0100): Service nss
replied to ping
(Fri Mar 27 10:19:56 2015) [sssd] [ping_check] (0x0100): Service sd.int
replied to ping
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Fri Mar 27 10:19:57 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Fri Mar 27 10:19:57 2015) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
entering pam_cmd_authenticate
(Fri Mar 27 10:19:57 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
PAM_AUTHENTICATE
(Fri Mar 27 10:19:57 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
not set
(Fri Mar 27 10:19:57 2015) [ss

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Jakub Hrozek
On Thu, Mar 26, 2015 at 08:05:03PM +0530, Yogesh Sharma wrote:
> Hi Jakub,
> 
> SSSD prompted to change the password. After changing the password, when we
> try to ssh again using the new password, it failed.

And what do the logs say then, with the new password?



Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Hi Jakub,

SSSD prompted to change the password. After changing the password, when we
try to ssh again using the new password, it failed.






Best Regards,
Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RackSpace Cloud U


On Thu, Mar 26, 2015 at 7:55 PM, Jakub Hrozek  wrote:

> On Thu, Mar 26, 2015 at 07:47:34PM +0530, Yogesh Sharma wrote:
> > Once I manually initialize the user Ticket on IPA Server using kinit
> > username, I am able to login with and without FQDN.
>
> It's expected that IPA users are created with an expired password. But SSSD
> should have prompted you for a password change the first time you
> logged in with the expired password... as seen from the
> krb5_child.log, it got the correct response from the KDC.
>

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
This message is coming as the user is trying to log in for the first time. The IPA admin
has set a password, and when the user tries to log in it will prompt for a change.
SSSD logs it as password expired.




Best Regards,
Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RackSpace Cloud U


On Thu, Mar 26, 2015 at 7:55 PM, Natxo Asenjo 
wrote:

>
>
> On Thu, Mar 26, 2015 at 3:12 PM, Yogesh Sharma  wrote:
>
>> Thanks, but when I am trying to use the admin user (default user created by
>> IPA), I am able to log in. The issue is happening only with new users we are
>> trying to create.
>>
>> (Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625 [get_and_save_tgt]
>> (0x0020): 981: [-1765328361][Password has expired]
>> (Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625 [map_krb5_error]
>> (0x0020): 1043: [-1765328360][Preauthentication failed]
>>
>
> password expired?
>
> --
> regards,
> natxo
>

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Jakub Hrozek
On Thu, Mar 26, 2015 at 07:47:34PM +0530, Yogesh Sharma wrote:
> Once I manually initialize the user Ticket on IPA Server using kinit
> username, I am able to login with and without FQDN.

It's expected that IPA users are created with an expired password. But SSSD
should have prompted you for a password change the first time you
logged in with the expired password... as seen from the
krb5_child.log, it got the correct response from the KDC.

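
To read the krb5_child.log entries discussed in this thread, the following added example (not part of the original messages) pulls the bracketed Kerberos error pairs out of SSSD debug lines and decodes each numeric code into its offset in the MIT krb5 error table. The function name `krb5_errors` is hypothetical, and the sample lines are the thread's own log lines with the mail line-wrapping undone.

```shell
#!/bin/sh
# Added example: summarise Kerberos errors found in SSSD debug logs.

# Sample input: log lines taken from this thread, re-joined onto one line each.
SAMPLE_LOG='(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730 [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Mar 26 19:43:02 2015) [[sssd[krb5_child[13730 [get_and_save_tgt] (0x0020): 981: [-1765328361][Password has expired]
(Thu Mar 26 19:43:06 2015) [[sssd[krb5_child[13730 [map_krb5_error] (0x0020): 1043: [-1765328360][Preauthentication failed]
(Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [sss_krb5_cc_verify_ccache] (0x0020): 1078: [-1765328190][Credentials cache permissions incorrect]'

# krb5_errors: read SSSD debug lines on stdin and print one line per
# "[<negative code>][<message>]" pair:
#   <who> code=<raw> <label>(<offset>): <message>
# MIT krb5 error codes are base + offset with base -1765328384; offsets
# 0..127 are the protocol error numbers of RFC 4120, higher offsets are
# library-side errors (ccache, keytab, ...).
krb5_errors() {
    awk '
    BEGIN {
        base = -1765328384
        name[23] = "KDC_ERR_KEY_EXPIRED"
        name[24] = "KDC_ERR_PREAUTH_FAILED"
    }
    {
        # Identify the krb5_child process when the line comes from one.
        who = "-"
        if (match($0, /krb5_child\[[0-9]+/))
            who = "krb5_child[" substr($0, RSTART + 11, RLENGTH - 11) "]"

        # Locate "[-<digits>][" and take the message up to the closing "]".
        if (!match($0, /\[-[0-9]+\]\[/))
            next
        code = substr($0, RSTART + 1, RLENGTH - 3)
        text = substr($0, RSTART + RLENGTH)
        sub(/\][ \t\r]*$/, "", text)

        off = code - base
        if (off in name)
            label = name[off]
        else if (off >= 0 && off < 128)
            label = "KDC_ERR"
        else
            label = "LIBRARY_ERROR"
        printf "%s code=%s %s(%d): %s\n", who, code, label, off, text
    }'
}

# Stand-alone use: pass a log file, or run without arguments for the sample.
if [ "$#" -gt 0 ]; then
    krb5_errors < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | krb5_errors
fi
```
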


Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Natxo Asenjo
On Thu, Mar 26, 2015 at 3:12 PM, Yogesh Sharma  wrote:

> Thanks, but when I am trying to use the admin user (default user created by IPA),
> I am able to log in. The issue is happening only with new users we are
> trying to create.
>
> (Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625 [get_and_save_tgt]
> (0x0020): 981: [-1765328361][Password has expired]
> (Thu Mar 26 19:30:55 2015) [[sssd[krb5_child[13625 [map_krb5_error]
> (0x0020): 1043: [-1765328360][Preauthentication failed]
>

password expired?

-- 
regards,
natxo

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
I have also tried with the FQDN of the host as registered, but the error remains the same:

(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730 [unpack_buffer]
(0x0100): cmd [241] uid [131284] gid [131284] validate [true]
enterprise principal [false] offline [false] UPN [te...@sd.int]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730 [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_131284_XX] keytab:
[/etc/krb5.keytab]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730 [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/
dns-inf-stg-sg1-01.sd@sd.int]
(Thu Mar 26 19:43:02 2015) [[sssd[krb5_child[13730 [get_and_save_tgt]
(0x0020): 981: [-1765328361][Password has expired]
(Thu Mar 26 19:43:06 2015) [[sssd[krb5_child[13730 [map_krb5_error]
(0x0020): 1043: [-1765328360][Preauthentication failed]
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [child_sig_handler] (0x0100):
child [13730] finished successfully.
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [ipa_get_migration_flag_done]
(0x0100): Password migration is not enabled.
(Thu Mar 26 19:43:06 2015) [sssd[be[sd.int]]] [be_pam_handler_callback]
(0x0100): Backend returned: (0, 17, ) [Success]





Once I manually initialize the user Ticket on IPA Server using kinit
username, I am able to login with and without FQDN.


[root@ldap-inf-stg-sg1-01 lib]# kinit test1
Password for te...@sd.int:
Password expired.  You must change it now.
Enter new password:
Enter it again:
Password change rejected: Password is too short

Password not changed..  Please try again.

Enter new password:
Enter it again:


root@yogesh-ubuntu-pc:/home/yogesh# ssh te...@dns-inf-stg-sg1-01.sd.int
te...@dns-inf-stg-sg1-01.sd.int's password:
Last login: Thu Mar 26 19:45:36 2015 from 125.63.90.34
-sh-4.1$ logout
Connection to dns-inf-stg-sg1-01.sd.int closed.


root@yogesh-ubuntu-pc:/home/yogesh# ssh test1@52.74.84.94
test1@52.74.84.94's password:
Last login: Thu Mar 26 19:45:55 2015 from 125.63.90.34
-sh-4.1$





Best Regards,
Yogesh Sharma
Email: yks0...@gmail.com | Web: www.initd.in
RHCE, VCE-CIA, RackSpace Cloud U


On Thu, Mar 26, 2015 at 7:42 PM, Yogesh Sharma  wrote:

> Thanks, but when I am trying to use the admin user (default user created by IPA),
> I am able to log in. The issue is happening only with new users we are
> trying to create.
>
>
>
> ===
> TEST user Login Logs:
>

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Thanks, but when I am trying to use the admin user (default user created by IPA),
I am able to log in. The issue is happening only with new users we are
trying to create.



===
TEST user Login Logs:

(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=test]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [test] from []
(Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [t...@sd.int]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
entering pam_cmd_authenticate
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
PAM_AUTHENTICATE
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: test
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
125.63.90.34
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
13615
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100):
Request processed. Returned 0,0,Success
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_get_account_info]
(0x0100): Got request for [3][1][name=test]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [sdap_attrs_get_sid_str]
(0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_check_user_search] (0x0100):
Requesting info for [t...@sd.int]
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
request with the following data:
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
PAM_AUTHENTICATE
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): domain:
sd.int
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): user: test
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost:
125.63.90.34
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
13615
(Thu Mar 26 19:30:51 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [acctinfo_callback] (0x0100):
Request processed. Returned 0,0,Success
(Thu Mar 26 19:30:51 2015) [sssd[be[sd.int]]] [be_pam_handler] (0x0100):
Got request wi

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Simo Sorce
On Thu, 2015-03-26 at 15:42 +0530, Yogesh Sharma wrote:
> Hi,
> 
> We are getting error while trying to ssh using users created in IPA
> server.
> 
> root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94

You should use the machine's fully qualified name if you want to login
using GSSAPI/Krb5, an IP address cannot be resolved to a proper key as
keys are registered into the KDC as
host/machine.fully.qualified.name@REALM.

It's the same thing as with HTTPS, the client needs to know the "name" of
the server in order to be able to properly communicate with it.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Rob Crittenden
Yogesh Sharma wrote:
> Hi,
> 
> We are getting error while trying to ssh using users created in IPA server.
> 
> root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94

You don't have a Kerberos ticket and you don't have ssh keys for this
user. kinit cm8158 first or get the ssh keys.

You'll need to use the FQDN of the host as well, rather than the IP
address, if using Kerberos.

rob

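The two replies above come down to a pair of client-side checks: the target must be a fully qualified name that maps to a host/<fqdn>@REALM principal, and the user needs a valid ticket. The script below is an added example, not code from the thread or from FreeIPA; the function names are hypothetical, and the realm SD.INT and host client1.sd.int are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Realm SD.INT and host client1.sd.int
# are constructed sample values; function names are hypothetical.

# is_ip_literal HOST: succeed if HOST is an IPv4 or IPv6 literal.
is_ip_literal() {
    case "$1" in
        *:*)            return 0 ;;   # IPv6 literals contain ':'
        ''|*[!0-9.]*)   return 1 ;;   # any other non-digit/dot char means a name
        *.*.*.*)        return 0 ;;   # dotted quad
        *)              return 1 ;;
    esac
}

# host_principal [USER@]HOST REALM: print the host/<fqdn>@REALM principal
# the sshd key is registered under, or fail if HOST cannot map to one.
host_principal() {
    host=${1#*@}
    if is_ip_literal "$host"; then
        echo "'$host' is an IP address; keys are stored as host/<fqdn>@$2" >&2
        return 1
    fi
    case "$host" in
        *.*) ;;
        *) echo "'$host' is not fully qualified" >&2; return 1 ;;
    esac
    # host principals are built from the lower-cased hostname
    printf 'host/%s@%s\n' "$(printf '%s' "$host" | tr 'A-Z' 'a-z')" "$2"
}

# preflight USER@HOST REALM: 1 = bad target, 2 = no ticket, 0 = ready.
preflight() {
    princ=$(host_principal "$1" "$2") || return 1
    # klist -s is silent and exits non-zero without a valid credential cache
    if ! command -v klist >/dev/null 2>&1 || ! klist -s; then
        echo "no valid Kerberos ticket; run: kinit ${1%%@*}" >&2
        return 2
    fi
    echo "ssh -o GSSAPIAuthentication=yes $1   # server key: $princ"
}

# The target from the thread fails; the constructed FQDN passes the first check.
preflight cm8158@52.74.84.94 SD.INT || echo "exit status $?"
host_principal cm8158@client1.sd.int SD.INT
```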

[Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Hi,

We are getting error while trying to ssh using users created in IPA server.

root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 52.74.84.94 [52.74.84.94] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c00
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "52.74.84.94" from file
"/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /root/.ssh/known_hosts:89
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-...@openssh.com,
ssh-rsa-cert-...@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha...@libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com,
ssh-rsa-cert-...@openssh.com,ssh-rsa,
ecdsa-sha2-nistp256-cert-...@openssh.com,
ecdsa-sha2-nistp384-cert-...@openssh.com,
ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,
ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,
hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,
hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,
hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,
hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,
umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,
hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,
hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,
hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,
hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,
umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_f