Hi Everybody.


I ran into a strange problem today: I reset a user password in the GUI
to "Test1234" for testing but when I tried to login as that user and
enter the password, I got an authentication error. Does anyone know why
this might be occurring or how I can debug it?


Here are some additional details: 

*        OS: CentOS 6.2

*        FreeIPA: 2.1.3


Here are the steps I went through:

1.      I log into the server as "A".

2.      I run "kinit admin

3.      I add a user "B" with password: "F00bar5pam!"

4.      I  verify that the user exists https://localhost

5.      I reset the password in the web interface to "Test1234" (yeah, I
know, completely lame)

6.      The GUI tells me that it reset.

7.      I then try "ssh B@some-host" using the "Test1234" and get
permission denied. That is odd, it may indicate an HBAC error.

8.      So I try "su - B" with password "Test1234" and get "su:
incorrect password"

9.      Now I am stumped so I look /var/log/secure and see these
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): authentication failure;
logname=A uid=500 euid=0 tty=pts/1 ruser=A rhost= user=B
Jun 29 17:53:11 cuthbert su: pam_sss(su-l:auth): received for B: 4
(System error)

10.   I didn't see anything strange in

11.   I didn't see anything strange in

12.   I didn't see any SELinux errors in /var/log/audit/audit.log

13.   I didn't see anything suspicious in /var/log/krb5kdc.log

14.   In /var/log/pki-ca/debug there was some stuff about no sessions
have been created but I am not sure whether that has anything to do with


What is system error 4 (step #9)? Is that the source of the problem?


Any help would be greatly appreciated.







Freeipa-users mailing list

Reply via email to