Hello community, I have problems with the FreeIPA client configuration on OpenSUSE 12.2, and I think I can't fix it without your help. I get the following errors in my /var/log/messages when I try to log in with a FreeIPA account:


############################################################
Dec 2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from 192.168.0.159
Dec 2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: invalid user admin [preauth]
Dec  2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
Dec 2 18:21:24 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.159 user=admin
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received for user admin: 10 (User not known to the underlying authentication module)
Dec 2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known to the underlying authentication module for illegal user admin from 192.168.0.159
Dec 2 18:21:41 linux-l3wy sshd[12481]: Failed keyboard-interactive/pam for invalid user admin from 192.168.0.159 port 38175 ssh2
Dec 2 18:21:41 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:50 linux-l3wy sshd[12481]: Connection closed by 192.168.0.159 [preauth]
############################################################

About the client configuration:
My installed packages:
sssd-ldap-1.11.2-110.6.x86_64
sssd-ipa-1.11.2-110.6.x86_64
sssd-1.11.2-110.6.x86_64
sssd-tools-1.11.2-110.6.x86_64
sssd-krb5-common-1.11.2-110.6.x86_64


/etc/sssd/sssd.conf:
############################################################
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client1.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa.example.com
ldap_tls_cacert = /etc/ipa/ca.crt

[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = example.com
debug_level=9
############################################################

/etc/krb5.conf:
############################################################
[libdefaults]
  default_realm = EXAMPLE.COM
  #dns_lookup_realm = false
  #dns_lookup_kdc = false
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  #allow_weak_crypto = true

[realms]
  example.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    #kdc = ipa.example.com:88
    #admin_server = ipa.example.com:749
    #default_domain = example.com
  }

[domain_realm]
  .example.com = example.COM
  example.com = example.COM

[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
############################################################

P.S. Thank you for your time, and sorry for my English.

--
Sergey Prokhorov
System Engineer
e-mail:sprokho...@intech-global.com

