SSO works intermittently. I’m having trouble tracing the issue. Here is what I see from /var/log/secure. Where should I look for more detail to figure out why the SSO login is failing?
Mar 30 08:47:39 mid-ipa-vp01 sshd[9317]: Starting session: shell on pts/0 for root from 10.34.149.105 port 49725 Mar 30 08:47:39 mid-ipa-vp01 sshd[9322]: debug1: Setting controlling tty using TIOCSCTTY. Mar 30 08:47:39 mid-ipa-vp01 sshd[9322]: debug1: PAM: reinitializing credentials Mar 30 08:47:39 mid-ipa-vp01 sshd[9322]: debug1: permanently_set_uid: 0/0 Mar 30 08:49:05 mid-ipa-vp01 sshd[9317]: debug1: server_input_global_request: rtype keepal...@openssh.com want_reply 1 Mar 30 08:50:05 mid-ipa-vp01 sshd[9317]: debug1: server_input_global_request: rtype keepal...@openssh.com want_reply 1 Mar 30 08:51:57 mid-ipa-vp01 sshd[9317]: debug1: server_input_global_request: rtype keepal...@openssh.com want_reply 1 Mar 30 08:52:57 mid-ipa-vp01 sshd[9317]: debug1: server_input_global_request: rtype keepal...@openssh.com want_reply 1 Mar 30 08:53:51 mid-ipa-vp01 sshd[1388]: debug1: Forked child 12621. Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: Set /proc/self/oom_score_adj to 0 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: inetd sockets after dupping: 3, 3 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: Connection from 10.80.5.239 port 52982 on 10.127.26.73 port 22 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.64 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: no match: PuTTY_Release_0.64 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: Enabling compatibility mode for protocol 2.0 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1 Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SELinux support enabled [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: permanently_set_uid: 74/74 [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_KEXINIT sent [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_KEXINIT received [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32 [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32 [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_NEWKEYS sent [preauth] Mar 30 08:53:51 mid-ipa-vp01 sshd[12621]: debug1: expecting SSH2_MSG_NEWKEYS [preauth] Mar 30 08:53:52 mid-ipa-vp01 sshd[12621]: debug1: SSH2_MSG_NEWKEYS received [preauth] Mar 30 08:53:52 mid-ipa-vp01 sshd[12621]: debug1: KEX done [preauth] Mar 30 08:53:52 mid-ipa-vp01 sshd[12621]: debug1: userauth-request for user adm-faru03@test.osuwmc service ssh-connection method none [preauth] Mar 30 08:53:52 mid-ipa-vp01 sshd[12621]: debug1: attempt 0 failures 0 [preauth] Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: debug1: PAM: initializing for "adm-faru03@test.osuwmc" Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: debug1: PAM: setting PAM_RHOST to "svr-addc-vt01.test.osuwmc" Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: debug1: PAM: setting PAM_TTY to "ssh" Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: debug1: userauth-request for user adm-faru03@test.osuwmc service ssh-connection method gssapi-with-mic [preauth] Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: debug1: attempt 1 failures 0 [preauth] Mar 30 08:53:53 mid-ipa-vp01 sshd[12621]: Postponed gssapi-with-mic for adm-faru03@test.osuwmc from 10.80.5.239 port 52982 ssh2 [preauth] Mar 30 08:53:58 mid-ipa-vp01 sshd[12621]: debug1: userauth-request for user adm-faru03@test.osuwmc service ssh-connection method password [preauth] Mar 30 08:53:58 mid-ipa-vp01 sshd[12621]: debug1: attempt 2 failures 0 [preauth] Mar 30 08:53:58 mid-ipa-vp01 sshd[12621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=svr-addc-vt01.test.osuwmc user=adm-faru03@test.osuwmc Mar 30 08:54:00 mid-ipa-vp01 sshd[12621]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=svr-addc-vt01.test.osuwmc user=adm-faru03@test.osuwmc Mar 30 08:54:00 mid-ipa-vp01 sshd[12621]: debug1: PAM: password authentication accepted for adm-faru03@test.osuwmc Mar 30 08:54:00 mid-ipa-vp01 sshd[12621]: debug1: do_pam_account: called
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
