Any suggestion please. *Best Regards,*
*__________________________________________* *Yogesh Sharma* *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in <http://www.initd.in/> * *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> <https://twitter.com/checkwithyogesh> <http://google.com/+YogeshSharmaOnGooglePlus> On Wed, Aug 19, 2015 at 1:37 PM, Yogesh Sharma <yks0...@gmail.com> wrote: > Re-Enrolling the server has fixed it, but what has caused this, is still > an issue. > > *Best Regards,* > > *__________________________________________* > > *Yogesh Sharma* > *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in > <http://www.initd.in/> * > > *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* > > <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> > <https://twitter.com/checkwithyogesh> > <http://google.com/+YogeshSharmaOnGooglePlus> > > On Wed, Aug 19, 2015 at 1:23 AM, Yogesh Sharma <yks0...@gmail.com> wrote: > >> Majority of sssd logs are filled with below error: >> >> (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] >> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse >> domain SID from [(null)] >> (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] >> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse >> domain SID from [(null)] >> (Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] >> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse >> domain SID from [(null)] >> >> >> *Best Regards,* >> >> *__________________________________________* >> >> *Yogesh Sharma* >> *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in >> <http://www.initd.in/> * >> >> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* >> >> <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> >> <https://twitter.com/checkwithyogesh> >> <http://google.com/+YogeshSharmaOnGooglePlus> >> >> On Wed, Aug 19, 2015 at 12:44 AM, Yogesh Sharma <yks0...@gmail.com> >> wrote: >> >>> Team. >>> >>> We are using public key authentication instead of password. It was >>> working fine but a day latter it has stopped working. The same key is >>> working for if change the username. >>> >>> For eg: >>> >>> Initially we created a user - ipa1 with ssh public key, but after >>> sometime it has stopped working, now the same key is working if we create >>> ipa2 user but with ipa1 user it fail to accept the keys. >>> >>> >>> >>> Below are ssh logs of failed attempt: >>> >>> root@yogesh-ubuntu-pc:/home/yogesh# ssh -i /root/.ssh/id_rsa >>> vg4381@172.16.32.24 -vv >>> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 >>> debug1: Reading configuration data /etc/ssh/ssh_config >>> debug1: /etc/ssh/ssh_config line 19: Applying options for * >>> debug2: ssh_connect: needpriv 0 >>> debug1: Connecting to 172.16.32.24 [172.16.32.24] port 22. >>> debug1: Connection established. >>> debug1: permanently_set_uid: 0/0 >>> debug1: identity file /root/.ssh/id_rsa type 1 >>> debug1: identity file /root/.ssh/id_rsa-cert type -1 >>> debug1: Enabling compatibility mode for protocol 2.0 >>> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.2 >>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 >>> debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 >>> debug2: fd 3 setting O_NONBLOCK >>> debug1: SSH2_MSG_KEXINIT sent >>> debug1: SSH2_MSG_KEXINIT received >>> debug2: kex_parse_kexinit: curve25519-sha...@libssh.org >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com, >>> ssh-rsa-cert-...@openssh.com,ssh-rsa, >>> ecdsa-sha2-nistp256-cert-...@openssh.com, >>> ecdsa-sha2-nistp384-cert-...@openssh.com, >>> ecdsa-sha2-nistp521-cert-...@openssh.com, >>> ssh-ed25519-cert-...@openssh.com,ssh-dss-cert-...@openssh.com, >>> ssh-dss-cert-...@openssh.com >>> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>> aes128-...@openssh.com,aes256-...@openssh.com, >>> chacha20-poly1...@openssh.com >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> rijndael-...@lysator.liu.se >>> debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>> aes128-...@openssh.com,aes256-...@openssh.com, >>> chacha20-poly1...@openssh.com >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> rijndael-...@lysator.liu.se >>> debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, >>> hmac-sha1-...@openssh.com,umac-64-...@openssh.com, >>> umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com, >>> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com, >>> hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com >>> ,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com >>> ,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: hmac-md5-...@openssh.com, >>> hmac-sha1-...@openssh.com,umac-64-...@openssh.com, >>> umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com, >>> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com, >>> hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com >>> ,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com >>> ,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,z...@openssh.com,zlib >>> debug2: kex_parse_kexinit: none,z...@openssh.com,zlib >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: kex_parse_kexinit: >>> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss >>> debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> rijndael-...@lysator.liu.se >>> debug2: kex_parse_kexinit: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> rijndael-...@lysator.liu.se >>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com >>> ,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com >>> ,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com >>> ,hmac-sha1-96,hmac-md5-96 >>> debug2: kex_parse_kexinit: none,z...@openssh.com >>> debug2: kex_parse_kexinit: none,z...@openssh.com >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: >>> debug2: kex_parse_kexinit: first_kex_follows 0 >>> debug2: kex_parse_kexinit: reserved 0 >>> debug2: mac_setup: setup hmac-md5 >>> debug1: kex: server->client aes128-ctr hmac-md5 none >>> debug2: mac_setup: setup hmac-md5 >>> debug1: kex: client->server aes128-ctr hmac-md5 none >>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >>> debug2: bits set: 1554/3072 >>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >>> debug1: Server host key: RSA >>> 78:1f:15:bf:d3:fb:1a:49:44:8c:3a:28:b0:1f:6b:15 >>> debug1: Host '172.16.32.24' is known and matches the RSA host key. >>> debug1: Found key in /root/.ssh/known_hosts:2258 >>> debug2: bits set: 1553/3072 >>> debug1: ssh_rsa_verify: signature correct >>> debug2: kex_derive_keys >>> debug2: set_newkeys: mode 1 >>> debug1: SSH2_MSG_NEWKEYS sent >>> debug1: expecting SSH2_MSG_NEWKEYS >>> debug2: set_newkeys: mode 0 >>> debug1: SSH2_MSG_NEWKEYS received >>> debug1: Roaming not allowed by server >>> debug1: SSH2_MSG_SERVICE_REQUEST sent >>> debug2: service_accept: ssh-userauth >>> debug1: SSH2_MSG_SERVICE_ACCEPT received >>> debug2: key: /root/.ssh/id_rsa (0x7f646fa5b830), explicit >>> debug1: Authentications that can continue: >>> publickey,gssapi-keyex,gssapi-with-mic,password >>> debug1: Next authentication method: gssapi-keyex >>> debug1: No valid Key exchange context >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: gssapi-with-mic >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> No Kerberos credentials available >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> No Kerberos credentials available >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> >>> >>> debug1: Unspecified GSS failure. Minor code may provide more information >>> No Kerberos credentials available >>> >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: publickey >>> debug1: Offering RSA public key: /root/.ssh/id_rsa >>> debug2: we sent a publickey packet, wait for reply >>> debug1: Authentications that can continue: >>> publickey,gssapi-keyex,gssapi-with-mic,password >>> debug2: we did not send a packet, disable method >>> debug1: Next authentication method: password >>> >>> *Best Regards,* >>> >>> *__________________________________________* >>> >>> *Yogesh Sharma* >>> *Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in >>> <http://www.initd.in/> * >>> >>> *RHCE, VCE-CIA, RACKSPACE CLOUD U Certified* >>> >>> <https://www.fb.com/yks0000> <http://in.linkedin.com/in/yks0000> >>> <https://twitter.com/checkwithyogesh> >>> <http://google.com/+YogeshSharmaOnGooglePlus> >>> >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project