This actually the most important part, and the GSS Failure concerns me: debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/id_rsa ((nil)), debug2: key: /root/.ssh/id_dsa ((nil)), debug2: key: /root/.ssh/id_ecdsa ((nil)), debug2: key: /root/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-keyex debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/id_rsa debug3: no such identity: /root/.ssh/id_rsa: No such file or directory debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password Permission denied, please try again. 2015-08-01 22:02 GMT+02:00 Janelle <[email protected]>: > What is in the logs on the machine that is failing? Can you login to admin > from anywhere? Logs are you best friend. > Also, a simply "ssh -vvv" will help. > > ~J > > > On 8/1/15 12:51 PM, Matt . wrote: >> >> Hi, >> >> This didn't fix it yet. >> >> I wonder if there are any checks I can do as in the very past I was >> able to do a simple replica without any issues. >> >> Matt >> >> 2015-08-01 21:34 GMT+02:00 Janelle <[email protected]>: >>> >>> Double check you do not have "AllowGroups" set in your >>> /etc/ssh/sshd_config >>> file. If you do, add the "admins" group. >>> >>> Also, make sure on the master, that the /etc/nsswitch.conf was properly >>> updated. Several server installs I have done, have left off the "sss" for >>> "passwd", "group" and "shadow". >>> >>> passwd: files sss >>> shadow: files sss >>> group: files sss >>> >>> I bet one of those will fix your problem. Restart sssd and/of sshd if you >>> have to make changes. >>> >>> ~Janelle >>> >>> >>> >>> >>> On 8/1/15 10:13 AM, Matt . wrote: >>>> >>>> Hi Guys, >>>> >>>> I'm doing a replica install there my admin password for the SSH check >>>> to the master is not accepted. >>>> >>>> The password is not expired, I can use it on the GUI and even changing >>>> it in the GUI doesn't fix this. >>>> >>>> What can I check ? >>>> >>>> Cheers, >>>> >>>> Matt >>>> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
