Hello, Rob Crittenden via FreeIPA-users <[email protected]> writes:
> mir mal via FreeIPA-users wrote: >> I'm still struggling to find a clue why it's happening, any help much >> appriciated. > > This stands out: > > Nov 30 10:15:46 csc-64 sshd[608090]: pam_unix(sshd:auth): authentication > failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111 > Nov 30 10:15:46 csc-64 sshd[608090]: pam_sss(sshd:auth): authentication > success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111 > Nov 30 10:15:46 csc-64 sshd[608090]: pam_tally2(sshd:auth): user c111111 > (1938600006) tally 52, deny 9 > > An auth failure immediately followed by an auth success. And: failure with pam_unix (local user?) and success with pam_sss. On most Systems we have something like that in /etc/pam.d/password-auth or common-auth: auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so auth sufficient pam_unix.so nullok try_first_pass auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_deny.so so, call pam_unix only for local users, not IPA users. Something like that? Jochen -- This space is intentionally left blank. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
