kinit admin works perfectly, that is such strange.

2015-08-01 22:15 GMT+02:00 Janelle <janellenicol...@gmail.com>:
> lastly -- on the master - do you get the same error if you "kinit admin"?
> ~J
>
>
> On 8/1/15 1:05 PM, Matt . wrote:
>>
>> This actually the most important part, and the GSS Failure concerns me:
>>
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /root/.ssh/id_rsa ((nil)),
>> debug2: key: /root/.ssh/id_dsa ((nil)),
>> debug2: key: /root/.ssh/id_ecdsa ((nil)),
>> debug2: key: /root/.ssh/id_ed25519 ((nil)),
>> debug1: Authentications that can continue:
>> publickey,gssapi-keyex,gssapi-with-mic,password
>> debug3: start over, passed a different list
>> publickey,gssapi-keyex,gssapi-with-mic,password
>> debug3: preferred
>> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
>> debug3: authmethod_lookup gssapi-keyex
>> debug3: remaining preferred:
>> gssapi-with-mic,publickey,keyboard-interactive,password
>> debug3: authmethod_is_enabled gssapi-keyex
>> debug1: Next authentication method: gssapi-keyex
>> debug1: No valid Key exchange context
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup gssapi-with-mic
>> debug3: remaining preferred: publickey,keyboard-interactive,password
>> debug3: authmethod_is_enabled gssapi-with-mic
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup publickey
>> debug3: remaining preferred: keyboard-interactive,password
>> debug3: authmethod_is_enabled publickey
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /root/.ssh/id_rsa
>> debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
>> debug1: Trying private key: /root/.ssh/id_dsa
>> debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
>> debug1: Trying private key: /root/.ssh/id_ecdsa
>> debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
>> debug1: Trying private key: /root/.ssh/id_ed25519
>> debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
>> debug2: we did not send a packet, disable method
>> debug3: authmethod_lookup password
>> debug3: remaining preferred: ,password
>> debug3: authmethod_is_enabled password
>> debug1: Next authentication method: password
>> admin@ipa-01.domain.local's password:
>> debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>> debug2: we sent a password packet, wait for reply
>> debug1: Authentications that can continue:
>> publickey,gssapi-keyex,gssapi-with-mic,password
>> Permission denied, please try again.
>>
>> 2015-08-01 22:02 GMT+02:00 Janelle <janellenicol...@gmail.com>:
>>>
>>> What is in the logs on the machine that is failing? Can you login to
>>> admin
>>> from anywhere?  Logs are you best friend.
>>> Also, a simply "ssh -vvv" will help.
>>>
>>> ~J
>>>
>>>
>>> On 8/1/15 12:51 PM, Matt . wrote:
>>>>
>>>> Hi,
>>>>
>>>> This didn't fix it yet.
>>>>
>>>> I wonder if there are any checks I can do as in the very past I was
>>>> able to do a simple replica without any issues.
>>>>
>>>> Matt
>>>>
>>>> 2015-08-01 21:34 GMT+02:00 Janelle <janellenicol...@gmail.com>:
>>>>>
>>>>> Double check you do not have "AllowGroups" set in your
>>>>> /etc/ssh/sshd_config
>>>>> file. If you do, add the "admins" group.
>>>>>
>>>>> Also, make sure on the master, that the /etc/nsswitch.conf was properly
>>>>> updated. Several server installs I have done, have left off the "sss"
>>>>> for
>>>>> "passwd", "group" and "shadow".
>>>>>
>>>>> passwd:     files sss
>>>>> shadow:     files sss
>>>>> group:      files sss
>>>>>
>>>>> I bet one of those will fix your problem. Restart sssd and/of sshd if
>>>>> you
>>>>> have to make changes.
>>>>>
>>>>> ~Janelle
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 8/1/15 10:13 AM, Matt . wrote:
>>>>>>
>>>>>> Hi Guys,
>>>>>>
>>>>>> I'm doing a replica install there my admin password for the SSH check
>>>>>> to the master is not accepted.
>>>>>>
>>>>>> The password is not expired, I can use it on the GUI and even changing
>>>>>> it in the GUI doesn't fix this.
>>>>>>
>>>>>> What can I check ?
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Matt
>>>>>>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to