On 03/24/2015 09:01 AM, Bobby Prins wrote:
Does the user that you use (bpr...@example.corp) is a member of many
----- Oorspronkelijk bericht -----
Van: "Alexander Bokovoy" <aboko...@redhat.com>
Aan: "Bobby Prins" <bobby.pr...@proxy.nl>
Cc: d...@redhat.com, firstname.lastname@example.org
Verzonden: Maandag 23 maart 2015 16:44:47
Onderwerp: Re: [Freeipa-users] 'Preauthentication failed' with SSSD in
Can you show relevant parts of /var/log/dirsrv/slapd-EXAMPLE-CORP/access
and sssd logs from IPA master (with debug_level = 10) at least in
[domain], [nss], and [pam] sections.
You need to filter dirsrv logs by connection coming from AIX IP address
and then by conn=<number> where number is the same number as the one
with IP address line.
When authenticating, AIX would talk to IPA LDAP server to compat tree
and slapi-nis plugin which serves compat tree would do PAM
authentication as service system-auth where SSSD on IPA master will do
the actual authentication work.
/ Alexander Bokovoy
Here you can see the DS connection from AIX:
[24/Mar/2015:12:53:19 +0100] conn=96 fd=110 slot=110 connection from
192.168.140.107 to 192.168.140.133
[24/Mar/2015:12:53:20 +0100] conn=96 op=0 BIND
[24/Mar/2015:12:53:43 +0100] conn=96 op=0 RESULT err=0 tag=97 nentries=0 etime=24
[24/Mar/2015:12:53:43 +0100] conn=96 op=-1 fd=110 closed - B1
As you can see it also takes quite some time to process the login. Could that
be a problem?
The SSSD log files are a bit large with debug_level set to 10 and it will take
me some time to strip all customer data from it. Any log events in particular
you would like to see?
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project