Majority of sssd logs are filled with below error: (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)] (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)] (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
*Best Regards,* *__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in/> * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> <https://twitter.com/checkwithyogesh> <http://google.com/+YogeshSharmaOnGooglePlus> On Wed, Aug 19, 2015 at 12:44 AM, Yogesh Sharma <yks0...@gmail.com> wrote: > Team. > > We are using public key authentication instead of password. It was working > fine but a day latter it has stopped working. The same key is working for > if change the username. > > For eg: > > Initially we created a user - ipa1 with ssh public key, but after sometime > it has stopped working, now the same key is working if we create ipa2 user > but with ipa1 user it fail to accept the keys. > > > > Below are ssh logs of failed attempt: > > root@yogesh-ubuntu-pc:/home/yogesh# ssh -i /root/.ssh/id_rsa > vg4381@172.16.32.24 -vv > OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 172.16.32.24 [172.16.32.24] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: identity file /root/.ssh/id_rsa type 1 > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.2 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 > debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: curve25519-sha...@libssh.org > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com, > ssh-rsa-cert-...@openssh.com,ssh-rsa, > ecdsa-sha2-nistp256-cert-...@openssh.com, > ecdsa-sha2-nistp384-cert-...@openssh.com, > ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com, > ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > aes128-...@openssh.com,aes256-...@openssh.com, > chacha20-poly1...@openssh.com > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > aes128-...@openssh.com,aes256-...@openssh.com, > chacha20-poly1...@openssh.com > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, > hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com > ,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com, > hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com, > hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com, > umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, > hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com > ,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com, > hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com, > hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com, > umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com > ,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com > ,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com > debug2: kex_parse_kexinit: none,z...@openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: setup hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: setup hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: bits set: 1554/3072 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 78:1f:15:bf:d3:fb:1a:49:44:8c:3a:28:b0:1f:6b:15 > debug1: Host '172.16.32.24' is known and matches the RSA host key. > debug1: Found key in /root/.ssh/known_hosts:2258 > debug2: bits set: 1553/3072 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /root/.ssh/id_rsa (0x7f646fa5b830), explicit > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic,password > debug1: Next authentication method: gssapi-keyex > debug1: No valid Key exchange context > debug2: we did not send a packet, disable method > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > > debug1: Unspecified GSS failure. Minor code may provide more information > > > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > > debug2: we did not send a packet, disable method > debug1: Next authentication method: publickey > debug1: Offering RSA public key: /root/.ssh/id_rsa > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic,password > debug2: we did not send a packet, disable method > debug1: Next authentication method: password > > *Best Regards,* > > *__________________________________________* > > *Yogesh Sharma* > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > <http://www.initd.in/> * > > *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* > > <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> > <https://twitter.com/checkwithyogesh> > <http://google.com/+YogeshSharmaOnGooglePlus> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project