kinit admin works perfectly, that is such strange. 2015-08-01 22:15 GMT+02:00 Janelle <[email protected]>: > lastly -- on the master - do you get the same error if you "kinit admin"? > ~J > > > On 8/1/15 1:05 PM, Matt . wrote: >> >> This actually the most important part, and the GSS Failure concerns me: >> >> debug1: SSH2_MSG_SERVICE_ACCEPT received >> debug2: key: /root/.ssh/id_rsa ((nil)), >> debug2: key: /root/.ssh/id_dsa ((nil)), >> debug2: key: /root/.ssh/id_ecdsa ((nil)), >> debug2: key: /root/.ssh/id_ed25519 ((nil)), >> debug1: Authentications that can continue: >> publickey,gssapi-keyex,gssapi-with-mic,password >> debug3: start over, passed a different list >> publickey,gssapi-keyex,gssapi-with-mic,password >> debug3: preferred >> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password >> debug3: authmethod_lookup gssapi-keyex >> debug3: remaining preferred: >> gssapi-with-mic,publickey,keyboard-interactive,password >> debug3: authmethod_is_enabled gssapi-keyex >> debug1: Next authentication method: gssapi-keyex >> debug1: No valid Key exchange context >> debug2: we did not send a packet, disable method >> debug3: authmethod_lookup gssapi-with-mic >> debug3: remaining preferred: publickey,keyboard-interactive,password >> debug3: authmethod_is_enabled gssapi-with-mic >> debug1: Next authentication method: gssapi-with-mic >> debug1: Unspecified GSS failure. Minor code may provide more information >> No Kerberos credentials available >> >> debug1: Unspecified GSS failure. Minor code may provide more information >> No Kerberos credentials available >> >> debug1: Unspecified GSS failure. Minor code may provide more information >> >> >> debug1: Unspecified GSS failure. Minor code may provide more information >> No Kerberos credentials available >> >> debug2: we did not send a packet, disable method >> debug3: authmethod_lookup publickey >> debug3: remaining preferred: keyboard-interactive,password >> debug3: authmethod_is_enabled publickey >> debug1: Next authentication method: publickey >> debug1: Trying private key: /root/.ssh/id_rsa >> debug3: no such identity: /root/.ssh/id_rsa: No such file or directory >> debug1: Trying private key: /root/.ssh/id_dsa >> debug3: no such identity: /root/.ssh/id_dsa: No such file or directory >> debug1: Trying private key: /root/.ssh/id_ecdsa >> debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory >> debug1: Trying private key: /root/.ssh/id_ed25519 >> debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory >> debug2: we did not send a packet, disable method >> debug3: authmethod_lookup password >> debug3: remaining preferred: ,password >> debug3: authmethod_is_enabled password >> debug1: Next authentication method: password >> [email protected]'s password: >> debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64) >> debug2: we sent a password packet, wait for reply >> debug1: Authentications that can continue: >> publickey,gssapi-keyex,gssapi-with-mic,password >> Permission denied, please try again. >> >> 2015-08-01 22:02 GMT+02:00 Janelle <[email protected]>: >>> >>> What is in the logs on the machine that is failing? Can you login to >>> admin >>> from anywhere? Logs are you best friend. >>> Also, a simply "ssh -vvv" will help. >>> >>> ~J >>> >>> >>> On 8/1/15 12:51 PM, Matt . wrote: >>>> >>>> Hi, >>>> >>>> This didn't fix it yet. >>>> >>>> I wonder if there are any checks I can do as in the very past I was >>>> able to do a simple replica without any issues. >>>> >>>> Matt >>>> >>>> 2015-08-01 21:34 GMT+02:00 Janelle <[email protected]>: >>>>> >>>>> Double check you do not have "AllowGroups" set in your >>>>> /etc/ssh/sshd_config >>>>> file. If you do, add the "admins" group. >>>>> >>>>> Also, make sure on the master, that the /etc/nsswitch.conf was properly >>>>> updated. Several server installs I have done, have left off the "sss" >>>>> for >>>>> "passwd", "group" and "shadow". >>>>> >>>>> passwd: files sss >>>>> shadow: files sss >>>>> group: files sss >>>>> >>>>> I bet one of those will fix your problem. Restart sssd and/of sshd if >>>>> you >>>>> have to make changes. >>>>> >>>>> ~Janelle >>>>> >>>>> >>>>> >>>>> >>>>> On 8/1/15 10:13 AM, Matt . wrote: >>>>>> >>>>>> Hi Guys, >>>>>> >>>>>> I'm doing a replica install there my admin password for the SSH check >>>>>> to the master is not accepted. >>>>>> >>>>>> The password is not expired, I can use it on the GUI and even changing >>>>>> it in the GUI doesn't fix this. >>>>>> >>>>>> What can I check ? >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Matt >>>>>> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
