Hello community, I have problems with FreeIPA-client configuration on
OpenSUSE 12.2, and I think I can't fix it without your help. I have
following errors in my /var/log/messages, when I try login in by freeipa
account:
############################################################
Dec 2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from
192.168.0.159
Dec 2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: invalid
user admin [preauth]
Dec 2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
Dec 2 18:21:24 linux-l3wy sshd[12481]: Postponed keyboard-interactive
for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=192.168.0.159 user=admin
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received for
user admin: 10 (User not known to the underlying authentication module)
Dec 2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known to
the underlying authentication module for illegal user admin from
192.168.0.159
Dec 2 18:21:41 linux-l3wy sshd[12481]: Failed keyboard-interactive/pam
for invalid user admin from 192.168.0.159 port 38175 ssh2
Dec 2 18:21:41 linux-l3wy sshd[12481]: Postponed keyboard-interactive
for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:50 linux-l3wy sshd[12481]: Connection closed by
192.168.0.159 [preauth]
############################################################
About client configuration:
My installed packages
sssd-ldap-1.11.2-110.6.x86_64
sssd-ipa-1.11.2-110.6.x86_64
sssd-1.11.2-110.6.x86_64
sssd-tools-1.11.2-110.6.x86_64
sssd-krb5-common-1.11.2-110.6.x86_64
*//etc/sss/**/d/sssd.conf:/*
############################################################
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client1.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = example.com
debug_level=9
############################################################
/etc/krb5.conf:
############################################################
[libdefaults]
default_realm = EXAMPLE.COM
#dns_lookup_realm = false
#dns_lookup_kdc = false
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
#allow_weak_crypto = true
[realms]
example.COM = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
#kdc = ipa.example.com:88
#admin_server = ipa.example.com:749
#default_domain = example.com
}
[domain_realm]
.example.com = example.COM
example.com = example.COM
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
############################################################
P.S. Thank you for your time, and sorry for my English.
--
Sergey Prokhorov
System Engineer
e-mail:sprokho...@intech-global.com
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
