On Thu, Dec 05, 2013 at 09:49:11AM +0100, Jakub Hrozek wrote: > On Thu, Dec 05, 2013 at 12:02:12PM +0400, Прохоров Сергей wrote: > > > > Hello community, I have problems with FreeIPA-client configuration > > on OpenSUSE 12.2, and I think I can't fix it without your help. I > > have following errors in my /var/log/messages, when I try login in > > by freeipa account: > > > > ############################################################ > > Dec 2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from > > 192.168.0.159 > > Dec 2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: > > invalid user admin [preauth] > > Dec 2 18:21:24 linux-l3wy sssd_be: No worthy mechs found > > Dec 2 18:21:24 linux-l3wy sshd[12481]: Postponed > > keyboard-interactive for invalid user admin from 192.168.0.159 port > > 38175 ssh2 [preauth] > > Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): > > authentication failure; logname= uid=0 euid=0 tty=ssh ruser= > > rhost=192.168.0.159 user=admin > > Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received > > for user admin: 10 (User not known to the underlying authentication > > module) > > Dec 2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known > > to the underlying authentication module for illegal user admin from > > 192.168.0.159 > > Dec 2 18:21:41 linux-l3wy sshd[12481]: Failed > > keyboard-interactive/pam for invalid user admin from 192.168.0.159 > > port 38175 ssh2 > > Dec 2 18:21:41 linux-l3wy sshd[12481]: Postponed > > keyboard-interactive for invalid user admin from 192.168.0.159 port > > 38175 ssh2 [preauth] > > Dec 2 18:21:50 linux-l3wy sshd[12481]: Connection closed by > > 192.168.0.159 [preauth] > > ############################################################ > > Hi Sergey, > > are you able to run "getent passwd admin" from the command line? SSH is > complaining that admin is not a known account. > > I suspect that for whatevet reason the sssd is unable to connect to the > IPA servers. getent passwd admin or id admin don't return anything, you > should put debug_level=6 into the [domain] section, restart sssd and > then check out /var/log/sssd/sssd_example.com log.
btw Sergey sent me the SSSD logs directly and it seems he was missing cyrus-sasl-gssapi, which sounds like SUSE packaging bug. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users