Hi,

I've checked the uid of the user, it is far above 1000, so that cannot be
the issue.

Disabling the pam_ldap.so in /etc/pam.d/system-auth results in not being
able to log in via ssh:

Aug 17 13:49:02 hpdw0001 sshd[5401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:49:02 hpdw0001 sshd[5401]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:49:02 hpdw0001 sshd[5401]: pam_sss(sshd:auth): received for user nxp21358: 10 (User not known to the underlying authentication module)
Aug 17 13:49:04 hpdw0001 sshd[5401]: Failed password for nxp21358 from 92.120.72.67 port 52178 ssh2
Aug 17 13:49:12 hpdw0001 sshd[5401]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:49:12 hpdw0001 sshd[5401]: pam_sss(sshd:auth): received for user nxp21358: 10 (User not known to the underlying authentication module)
Aug 17 13:49:14 hpdw0001 sshd[5401]: Failed password for nxp21358 from 92.120.72.67 port 52178 ssh2
Aug 17 13:50:01 hpdw0001 sshd[5401]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:50:01 hpdw0001 sshd[5401]: pam_sss(sshd:auth): received for user nxp21358: 10 (User not known to the underlying authentication module)
Aug 17 13:50:01 hpdw0001 crond[5440]: pam_unix(crond:session): session opened for user root by (uid=0)
Aug 17 13:50:02 hpdw0001 crond[5440]: pam_unix(crond:session): session closed for user root
Aug 17 13:50:03 hpdw0001 sshd[5401]: Failed password for nxp21358 from 92.120.72.67 port 52178 ssh2
Aug 17 13:50:03 hpdw0001 sshd[5402]: Connection closed by 92.120.72.67
Aug 17 13:50:03 hpdw0001 sshd[5401]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358

Enabling the line again results in being able to log in, but still with
the errors:

Aug 17 13:55:57 hpdw0001 sshd[5634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:55:57 hpdw0001 sshd[5634]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=acc3044.nxdi.nl-cdc01.nxp.com user=nxp21358
Aug 17 13:55:57 hpdw0001 sshd[5634]: pam_sss(sshd:auth): received for user nxp21358: 10 (User not known to the underlying authentication module)
Aug 17 13:55:57 hpdw0001 sshd[5634]: Accepted password for nxp21358 from 92.120.72.67 port 52313 ssh2
Aug 17 13:55:57 hpdw0001 sshd[5634]: pam_unix(sshd:session): session opened for user nxp21358 by (uid=0)

May I assume that the ldap config part in sssd.conf is not correct?

regards,
Andy





2010/8/17 Stephen Gallagher <sgall...@redhat.com>

> On 08/17/2010 07:39 AM, Andy Kannberg wrote:
> > Aug 17 13:35:50 hpdw0001 sshd[5204]: pam_sss(sshd:auth): received for user nxp21358: 10 (User not known to the underlying authentication module)
>
> This means that the SSSD couldn't find that user in LDAP. I noticed in
> your earlier email that you have "min_id=1000" set. If this user's UID
> or primary GID is < 1000, he'll be filtered out. Try setting this to
> min_id=1 and see if that solves the problem.
>
> - --
> Stephen Gallagher
> RHCE 804006346421761
>
> Delivering value year after year.
> Red Hat ranks #1 in value among software vendors.
> http://www.redhat.com/promo/vendor/
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
>
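
The two log excerpts in this thread differ only in how the sshd session ends after pam_sss returns code 10. As an added example (not part of the original thread), this Python sketch groups sshd lines by PID and flags logins that were accepted although SSSD did not know the user, which means some other module in the PAM stack (pam_ldap.so in this thread) did the authentication. The sample lines, host, users and addresses are constructed.

```python
import re
from collections import defaultdict

PAM_USER_UNKNOWN = 10  # Linux-PAM return code shown in the pam_sss lines

# Constructed sample lines in the thread's syslog format (host, users, IPs are made up).
SAMPLE_LOG = """\
Aug 17 13:49:02 host01 sshd[5401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=client.example.com user=alice
Aug 17 13:49:02 host01 sshd[5401]: pam_sss(sshd:auth): received for user alice: 10 (User not known to the underlying authentication module)
Aug 17 13:49:04 host01 sshd[5401]: Failed password for alice from 192.0.2.10 port 52178 ssh2
Aug 17 13:55:57 host01 sshd[5634]: pam_sss(sshd:auth): received for user alice: 10 (User not known to the underlying authentication module)
Aug 17 13:55:57 host01 sshd[5634]: Accepted password for alice from 192.0.2.10 port 52313 ssh2
Aug 17 14:01:10 host01 sshd[5700]: Accepted password for bob from 192.0.2.11 port 40000 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSS = re.compile(r"pam_sss\(sshd:auth\): received for user (?P<user>\S+): (?P<code>\d+) \(")
RESULT = re.compile(r"(?P<res>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from")


def classify(log_text):
    """Label each (sshd pid, user) pair by how its authentication ended."""
    seen = defaultdict(lambda: {"unknown": False, "accepted": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an sshd line (e.g. crond)
        pid, msg = m["pid"], m["msg"]
        if (s := SSS.search(msg)):
            if int(s["code"]) == PAM_USER_UNKNOWN:
                seen[(pid, s["user"])]["unknown"] = True
        elif (r := RESULT.search(msg)):
            state = seen[(pid, r["user"])]  # creates the entry if pam_sss never logged
            state["accepted"] = state["accepted"] or r["res"] == "Accepted"
    labels = {}
    for key, st in seen.items():
        if st["unknown"] and st["accepted"]:
            # SSSD could not resolve the user, yet sshd accepted the password:
            # another module in the PAM stack performed the authentication.
            labels[key] = "accepted-outside-sssd"
        elif st["unknown"]:
            labels[key] = "rejected-unknown-to-sssd"
        else:
            labels[key] = "accepted" if st["accepted"] else "failed"
    return labels


if __name__ == "__main__":
    for (pid, user), label in sorted(classify(SAMPLE_LOG).items()):
        print(pid, user, label)
```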