On 01/04/2014 06:13 PM, Genadi Postrilko wrote: > Output from /var/log/secure: > > Jan 4 15:03:02 ipaserver sshd[5958]: Invalid user > administra...@addc.com <mailto:administra...@addc.com> from 192.168.227.1 > Jan 4 15:03:02 ipaserver sshd[5959]: input_userauth_request: invalid > user administra...@addc.com <mailto:administra...@addc.com> > Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): check pass; > user unknown > Jan 4 15:03:06 ipaserver sshd[5958]: pam_unix(sshd:auth): > authentication failure; logname= uid=0 euid=0 tty=ssh ruser= > rhost=192.168.227.1 > Jan 4 15:03:06 ipaserver sshd[5958]: pam_succeed_if(sshd:auth): error > retrieving information about user administra...@addc.com > <mailto:administra...@addc.com> > Jan 4 15:03:08 ipaserver sshd[5958]: Failed password for invalid user > administra...@addc.com <mailto:administra...@addc.com> from > 192.168.227.1 port 53125 ssh2
I do not see SSSD doing auth. Is pam_sss configured for PAM for SSH? See more details here: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#installing-host-keys http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf I do not see simple HowTo to configure SSH to use SSSD for cases when ipa-client-install is not used. May be we should provide one. The expectation is: You install IPA, create trust, join client to IPA using ipa-client-install and it configures everything you need. The order of last two steps can be reversed but the result should be the same. > > > > 2014/1/3 Genadi Postrilko <genadip...@gmail.com > <mailto:genadip...@gmail.com>> > > Here are the other logs as well (ldap_child.log, sssd_pac.log, > sssd_ssh.log). > > https://gist.github.com/anonymous/8242061 > > I attempted to log in (as administra...@addc.com > <mailto:administra...@addc.com>) at 9:04. > > Thanks for the help. > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users