In sssd logs, it didn't print anything for the logon attempt through openvpn with 2FA enabled.
However, this is what I found in sssd_pam logs. Please confirm if any specific worker logs are needed.

(2024-07-10 23:32:38): [pam] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled: SELINUX_getpeercon failed [92][Protocol not available]. Please, consider enabling SELinux in your system.
(2024-07-10 23:32:38): [pam] [accept_fd_handler] (0x0400): Client [CID #2][cmd /usr/sbin/openvpn][0x55c575eebfd0][24] connected to privileged pipe!
(2024-07-10 23:32:38): [pam] [sss_cmd_get_version] (0x0200): Received client version [3].
(2024-07-10 23:32:38): [pam] [sss_cmd_get_version] (0x0200): Offered version [3].
(2024-07-10 23:32:38): [pam] [pam_cmd_preauth] (0x0100): entering pam_cmd_preauth
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:38): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2024-07-10 23:32:38): [pam] [sss_parse_name_for_domains] (0x0200): name 'asingh' matched without domain, user is asingh
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] domain: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] user: asingh
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] service: login
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] tty: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] ruser: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] priv: 1
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 335493
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] logon name: asingh
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] flags: 2
(2024-07-10 23:32:38): [pam] [cache_req_send] (0x0400): CR #3: REQ_TRACE: New request [CID #2] 'Initgroups by name'
(2024-07-10 23:32:38): [pam] [cache_req_process_input] (0x0400): CR #3: Parsing input name [asingh]
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:38): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2024-07-10 23:32:38): [pam] [sss_parse_name_for_domains] (0x0200): name 'asingh' matched without domain, user is asingh
(2024-07-10 23:32:38): [pam] [cache_req_set_name] (0x0400): CR #3: Setting name [asingh]
(2024-07-10 23:32:38): [pam] [cache_req_select_domains] (0x0400): CR #3: Performing a multi-domain search
(2024-07-10 23:32:38): [pam] [cache_req_search_domains] (0x0400): CR #3: Search will check the cache and bypass the data provider
(2024-07-10 23:32:38): [pam] [cache_req_set_domain] (0x0400): CR #3: Using domain [implicit_files]
(2024-07-10 23:32:38): [pam] [cache_req_prepare_domain_data] (0x0400): CR #3: Preparing input data for domain [implicit_files] rules
(2024-07-10 23:32:38): [pam] [cache_req_search_send] (0x0400): CR #3: Looking up asingh@implicit_files
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #3: Checking negative cache for [asingh@implicit_files]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #3: [asingh@implicit_files] is not present in negative cache
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #3: Looking up [asingh@implicit_files] in cache
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #3: Object [asingh@implicit_files] was not found in cache
(2024-07-10 23:32:38): [pam] [cache_req_set_domain] (0x0400): CR #3: Using domain [tinku.local]
(2024-07-10 23:32:38): [pam] [cache_req_prepare_domain_data] (0x0400): CR #3: Preparing input data for domain [tinku.local] rules
(2024-07-10 23:32:38): [pam] [cache_req_search_send] (0x0400): CR #3: Looking up [email protected]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #3: Checking negative cache for [[email protected]]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #3: [[email protected]] is not present in negative cache
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #3: Looking up [[email protected]] in cache
(2024-07-10 23:32:38): [pam] [cache_req_search_send] (0x0400): CR #3: Returning [[email protected]] from cache
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache_filter] (0x0400): CR #3: This request type does not support filtering result by negative cache
(2024-07-10 23:32:38): [pam] [cache_req_create_and_add_result] (0x0400): CR #3: Found 3 entries in domain tinku.local
(2024-07-10 23:32:38): [pam] [cache_req_done] (0x0400): CR #3: Finished: Success
(2024-07-10 23:32:38): [pam] [cache_req_send] (0x0400): CR #4: REQ_TRACE: New request [CID #2] 'Initgroups by name'
(2024-07-10 23:32:38): [pam] [cache_req_process_input] (0x0400): CR #4: Parsing input name [asingh]
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:38): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2024-07-10 23:32:38): [pam] [sss_parse_name_for_domains] (0x0200): name 'asingh' matched without domain, user is asingh
(2024-07-10 23:32:38): [pam] [cache_req_set_name] (0x0400): CR #4: Setting name [asingh]
(2024-07-10 23:32:38): [pam] [cache_req_select_domains] (0x0400): CR #4: Performing a multi-domain search
(2024-07-10 23:32:38): [pam] [cache_req_search_domains] (0x0400): CR #4: Search will bypass the cache and check the data provider
(2024-07-10 23:32:38): [pam] [cache_req_set_domain] (0x0400): CR #4: Using domain [implicit_files]
(2024-07-10 23:32:38): [pam] [cache_req_prepare_domain_data] (0x0400): CR #4: Preparing input data for domain [implicit_files] rules
(2024-07-10 23:32:38): [pam] [cache_req_search_send] (0x0400): CR #4: Looking up asingh@implicit_files
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #4: Checking negative cache for [asingh@implicit_files]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #4: [asingh@implicit_files] is not present in negative cache
(2024-07-10 23:32:38): [pam] [cache_req_search_dp] (0x0400): CR #4: Looking up [asingh@implicit_files] in data provider
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain implicit_files is Active
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain implicit_files is Active
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #4: Looking up [asingh@implicit_files] in cache
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #4: Object [asingh@implicit_files] was not found in cache
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache_add_to_domain] (0x0400): CR #4: Adding [asingh@implicit_files] to negative cache
(2024-07-10 23:32:38): [pam] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/implicit_files/asingh@implicit_files] to negative cache
(2024-07-10 23:32:38): [pam] [cache_req_set_domain] (0x0400): CR #4: Using domain [tinku.local]
(2024-07-10 23:32:38): [pam] [cache_req_prepare_domain_data] (0x0400): CR #4: Preparing input data for domain [tinku.local] rules
(2024-07-10 23:32:38): [pam] [cache_req_search_send] (0x0400): CR #4: Looking up [email protected]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #4: Checking negative cache for [[email protected]]
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache] (0x0400): CR #4: [[email protected]] is not present in negative cache
(2024-07-10 23:32:38): [pam] [cache_req_search_dp] (0x0400): CR #4: Looking up [[email protected]] in data provider
(2024-07-10 23:32:38): [pam] [sss_dp_get_account_send] (0x0400): Creating request for [tinku.local][0x3][BE_REQ_INITGROUPS][[email protected]:-]
(2024-07-10 23:32:38): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:38): [pam] [cache_req_search_cache] (0x0400): CR #4: Looking up [[email protected]] in cache
(2024-07-10 23:32:38): [pam] [cache_req_search_ncache_filter] (0x0400): CR #4: This request type does not support filtering result by negative cache
(2024-07-10 23:32:38): [pam] [cache_req_search_done] (0x0400): CR #4: Returning updated object [[email protected]]
(2024-07-10 23:32:38): [pam] [cache_req_create_and_add_result] (0x0400): CR #4: Found 3 entries in domain tinku.local
(2024-07-10 23:32:38): [pam] [cache_req_done] (0x0400): CR #4: Finished: Success
(2024-07-10 23:32:38): [pam] [pd_set_primary_name] (0x0400): User's primary name is [email protected]
(2024-07-10 23:32:38): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #2] with the following data:
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] domain: tinku.local
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] user: [email protected]
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] service: login
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] tty: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] ruser: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] priv: 1
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 335493
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] logon name: asingh
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] flags: 2
(2024-07-10 23:32:38): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2024-07-10 23:32:39): [pam] [pam_dp_send_req_done] (0x0200): received: [0 (Success)][tinku.local][CID #2]
(2024-07-10 23:32:39): [pam] [pam_reply] (0x0200): blen: 47
(2024-07-10 23:32:39): [pam] [pam_reply] (0x0200): Returning [0]: Success to the client [CID #2]
(2024-07-10 23:32:39): [pam] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(2024-07-10 23:32:39): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:39): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2024-07-10 23:32:39): [pam] [sss_parse_name_for_domains] (0x0200): name 'asingh' matched without domain, user is asingh
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_AUTHENTICATE
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] domain: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] user: asingh
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] service: login
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] tty: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] ruser: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 3 (Two factors)
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] priv: 1
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 335493
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] logon name: asingh
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] flags: 2
(2024-07-10 23:32:39): [pam] [cache_req_send] (0x0400): CR #5: REQ_TRACE: New request [CID #2] 'Initgroups by name'
(2024-07-10 23:32:39): [pam] [cache_req_process_input] (0x0400): CR #5: Parsing input name [asingh]
(2024-07-10 23:32:39): [pam] [sss_domain_get_state] (0x1000): Domain tinku.local is Active
(2024-07-10 23:32:39): [pam] [sss_parse_name] (0x0100): Domain not provided!
(2024-07-10 23:32:39): [pam] [sss_parse_name_for_domains] (0x0200): name 'asingh' matched without domain, user is asingh
(2024-07-10 23:32:39): [pam] [cache_req_set_name] (0x0400): CR #5: Setting name [asingh]
(2024-07-10 23:32:39): [pam] [cache_req_select_domains] (0x0400): CR #5: Performing a multi-domain search
(2024-07-10 23:32:39): [pam] [cache_req_search_domains] (0x0400): CR #5: Search will check the cache and bypass the data provider
(2024-07-10 23:32:39): [pam] [cache_req_set_domain] (0x0400): CR #5: Using domain [implicit_files]
(2024-07-10 23:32:39): [pam] [cache_req_prepare_domain_data] (0x0400): CR #5: Preparing input data for domain [implicit_files] rules
(2024-07-10 23:32:39): [pam] [cache_req_search_send] (0x0400): CR #5: Looking up asingh@implicit_files
(2024-07-10 23:32:39): [pam] [cache_req_search_ncache] (0x0400): CR #5: Checking negative cache for [asingh@implicit_files]
(2024-07-10 23:32:39): [pam] [cache_req_search_ncache] (0x0400): CR #5: [asingh@implicit_files] does not exist (negative cache)
(2024-07-10 23:32:39): [pam] [cache_req_set_domain] (0x0400): CR #5: Using domain [tinku.local]
(2024-07-10 23:32:39): [pam] [cache_req_prepare_domain_data] (0x0400): CR #5: Preparing input data for domain [tinku.local] rules
(2024-07-10 23:32:39): [pam] [cache_req_search_send] (0x0400): CR #5: Looking up [email protected]
(2024-07-10 23:32:39): [pam] [cache_req_search_ncache] (0x0400): CR #5: Checking negative cache for [[email protected]]
(2024-07-10 23:32:39): [pam] [cache_req_search_ncache] (0x0400): CR #5: [[email protected]] is not present in negative cache
(2024-07-10 23:32:39): [pam] [cache_req_search_cache] (0x0400): CR #5: Looking up [[email protected]] in cache
(2024-07-10 23:32:39): [pam] [cache_req_search_send] (0x0400): CR #5: Returning [[email protected]] from cache
(2024-07-10 23:32:39): [pam] [cache_req_search_ncache_filter] (0x0400): CR #5: This request type does not support filtering result by negative cache
(2024-07-10 23:32:39): [pam] [cache_req_create_and_add_result] (0x0400): CR #5: Found 3 entries in domain tinku.local
(2024-07-10 23:32:39): [pam] [cache_req_done] (0x0400): CR #5: Finished: Success
(2024-07-10 23:32:39): [pam] [pd_set_primary_name] (0x0400): User's primary name is [email protected]
(2024-07-10 23:32:39): [pam] [pam_dp_send_req] (0x0100): Sending request [CID #2] with the following data:
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_AUTHENTICATE
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] domain: tinku.local
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] user: [email protected]
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] service: login
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] tty: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] ruser: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] rhost: not set
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 3 (Two factors)
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] priv: 1
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] cli_pid: 335493
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] logon name: asingh
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] flags: 2
(2024-07-10 23:32:39): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2024-07-10 23:32:41): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][tinku.local][CID #2]
(2024-07-10 23:32:41): [pam] [pam_reply] (0x0200): blen: 28
(2024-07-10 23:32:41): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #2]
(2024-07-10 23:32:43): [pam] [client_recv] (0x0200): Client disconnected!
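A triage helper for sssd_pam debug output like the log in this post, added here as an example (not part of the original message and not SSSD code): it splits the log into entries even when mail wrapping has run them together, then lists each PAM phase per client ID with its authtok type and result. The sample input is constructed in the same format, and `summarize` and `failures` are hypothetical names.

```python
import re

TS = r"\(\d{4}-\d\d-\d\d [\d:]{8}\): "
# One entry runs from its timestamp up to the next timestamp (or end of text).
ENTRY = re.compile(TS + r"\[pam\] \[(\w+)\] \(0x[0-9a-f]+\): (.*?)(?= " + TS + r"|$)")
FIELD = re.compile(r"\[CID #(\d+)\] (command|authtok type): (.+)")
REPLY = re.compile(r"Returning \[(\d+)\]: (.+) to the client \[CID #(\d+)\]")

# Constructed sample; entries are deliberately wrapped and run together.
SAMPLE = """\
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_PREAUTH
(2024-07-10 23:32:38): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 0 (No authentication token available)
(2024-07-10 23:32:39): [pam] [pam_reply] (0x0200): blen: 47 (2024-07-10
23:32:39): [pam] [pam_reply] (0x0200): Returning [0]: Success to the client [CID #2]
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] command: SSS_PAM_AUTHENTICATE (2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] authtok type: 3 (Two factors)
(2024-07-10 23:32:39): [pam] [pam_print_data] (0x0100): [CID #2] newauthtok type: 0 (No authentication token available)
(2024-07-10 23:32:41): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #2]
"""

def summarize(text):
    """Return {cid: [phase, ...]}; a phase holds command, authtok and result."""
    text = " ".join(text.split())  # undo line wrapping and flattening
    phases = {}
    for func, msg in ENTRY.findall(text):
        if func == "pam_print_data" and (m := FIELD.match(msg)):
            cid, key, val = m.groups()
            cur = phases.setdefault(cid, [])
            if key == "command":
                # The request data is printed twice per phase; start a new phase
                # only when the command changes or the previous one was answered.
                if not cur or cur[-1]["command"] != val or cur[-1]["result"]:
                    cur.append({"command": val, "authtok": None, "result": None})
            elif cur:
                cur[-1]["authtok"] = val
        elif func == "pam_reply" and (m := REPLY.match(msg)):
            code, reason, cid = m.groups()
            if phases.get(cid):
                phases[cid][-1]["result"] = (int(code), reason)
    return phases

def failures(phases):
    """List (cid, command, authtok, reason) for every phase with a non-zero PAM code."""
    return [(cid, p["command"], p["authtok"], p["result"][1])
            for cid, ps in phases.items() for p in ps
            if p["result"] and p["result"][0] != 0]

if __name__ == "__main__":
    for row in failures(summarize(SAMPLE)):
        print(row)
```

The responder log only records the result code returned by the backend, so a failure found this way still has to be traced in the domain log for the same timestamp.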
