On Thu, 2016-02-25 at 14:36 +0000, Terry John wrote:
> This turned out to be a setting in /etc/ssh/sshd_config which gets overridden
> by ipa-client-install. Needed to un-comment
> PasswordAuthentication yes
This is disabled because we enable ChallengeResponseAuthentication which
is a superset of PasswordAuthentication.
PasswordAuthentication can't deal with PAM prompts, it is a oneshot only
option (ie fails if PAM asks you to make a pasword change), while
ChallengeResponseAuthentication is the more modern method that properly
deals with PAM prompts.
You should prefer ChallengeResponseAuthentication over
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Terry John
> Sent: 18 February 2016 11:41
> To: firstname.lastname@example.org
> Subject: [Freeipa-users] 14: No supported authentication methods available
> I have an AWS instance running Centos 6.7 correctly configured for freeipa
> but I needed to make a backup machine which would remain live.
> I created a clone of the machine and changed the host name and the settings
> in /etc/hosts. When I tried to run ipa-client-install it told me to run the
> uninstall which I did. This had the worrying effect of not being able to log
> into my original live server but thankfully after a while it came good. I
> don't know why.
> Back on the new server I ran 'ipa-client-install --enable-dns-updates
> -mkhomedir' and it seemed to run ok. The host was created on the freeipa GUI
> and I added it to the same host group as the original server. But when I try
> to log in via SSH I get the error 'No supported authentication methods
> available'. I do have root access via the AWS Key file.
> As far as I can tell all the relevant settings seem the same between the two
> servers but one works and the other doesn't. I can kinit and klist using my
> freeipa account. 'getent netgroup my-servergroup' works fine.
> I can't seem to find anything relevant in the sssd logs and /var/log/secure
> just give me the same error of no supported authentication methods available
> I have noticed in /var/log/messages when I restart sssd and error which may
> be relevant but can't find anything useful so far
> sssd[be[my.domain.net]]: dereference processing failed : Input/output error
> The Manheim group of companies within the UK comprises: Manheim Europe
> Limited (registered number: 03183918), Manheim Auctions Limited (registered
> number: 00448761), Manheim Retail Services Limited (registered number:
> 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time
> Communications Limited (registered number: 04277845) and Complete Automotive
> Solutions Limited (registered number: 05302535). Each of these companies is
> registered in England and Wales with the registered office address of Central
> House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies
> operates under various brand/trading names including Manheim Inspection
> Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim
> Aftersales Solutions.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project