Hello, I've just installed a new Fedora 13 client and configured it to use FreeIPA. During ipa-client install, I received the following error:
nss_ldap is not able to use DNS discovery! However, the /etc/ldap.conf and /etc/krb5.conf appear to be configured correctly. I am unable to login to the machine. Here is an extract from /var/log/secure: Jun 28 12:12:01 pc45 sshd[2263]: Invalid user djscott from 192.168.1.35 Jun 28 12:12:01 pc45 sshd[2264]: input_userauth_request: invalid user djscott Jun 28 12:12:07 pc45 sshd[2263]: pam_unix(sshd:auth): check pass; user unknown Jun 28 12:12:07 pc45 sshd[2263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pc35.example.com Jun 28 12:12:07 pc45 sshd[2263]: pam_succeed_if(sshd:auth): error retrieving information about user djscott Jun 28 12:12:09 pc45 sshd[2263]: Failed password for invalid user djscott from 192.168.1.35 port 50502 ssh2 Here is the PAM configuration: [r...@pc45 ~]# cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params #session optional pam_keyinit.so force revoke session include password-auth [r...@pc45 ~]# cat /etc/pam.d/password-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so [r...@pc45 ~]# Does anyone have any suggestions for why this is not working? Thanks, Dan Scott _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
