> ^^^^^^^^^^^^^^^^ > This usually mean critical error in sssd. > Please provide log files (sssd_$domain.log and krb5_child.log)
I found this in my sssd-$domain.log [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user [tempuser] found so searching around I found that the permissions for the /tmp directory should be 777.. setting it to 777 fixed the issue for me.. Thanks, Rakesh On Fri, Feb 19, 2016 at 1:08 PM, Lukas Slebodnik <[email protected]> wrote: > On (18/02/16 18:41), Rakesh Rajasekharan wrote: > >I set up freeipa on our environment and its works perfectly for most of > the > >hosts.. but on few I am getting a permission denied. > > > >[root@ipa-client-1c :~] ssh tempuser@localhost > >tempuser@localhost's password: > >Permission denied, please try again. > >tempuser@localhost's password: > > > > > > > > > >I checked the hbac, but that seems to be fine > > > >root@ipa-master-test-1b ] ipa hbactest --user=tempuser --host=x.x.x.x > >--service=sshd > >-------------------- > >Access granted: True > >-------------------- > > Matched rules: allow_all > > > > > >Another thing I noticed is the nsswitch.conf had the below entries after > >the freeipa installation > >passwd: files sss ldap > >shadow: files sss ldap > >group: files sss ldap > > > >hosts: files dns > > > > > >bootparams: nisplus [NOTFOUND=return] files > > > >ethers: files > >netmasks: files > >networks: files > >protocols: files > >rpc: files > >services: files sss > > > >netgroup: files sss ldap > > > >publickey: nisplus > > > >automount: files ldap > >aliases: files nisplus > > > >sudoers: files sss > > > > > >The ldap shouldn't be there above I guess.. > > > >and from the logs, i have the below errors > > > >==> /var/log/secure <== > >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_unix(sshd:auth): > authentication > >failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser > >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): authentication > >failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser > >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): received for > >user tempuser: 4 (System error) > ^^^^^^^^^^^^^^^^ > This usually mean critical error in sssd. > Please provide log files (sssd_$domain.log and krb5_child.log) > with high debug level. > https://fedorahosted.org/sssd/wiki/Troubleshooting > > Whis version of sssd do you have? > > LS >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
