Sorry I thought I had pasted these previously: What other logs do I need to add (maybe from the IPA server)?
Client system's /var/log/secure: Sep 13 19:12:33 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:12:33 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:18:11 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:18:11 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:22:52 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:22:53 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:23:49 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:23:49 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:28:24 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:28:24 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:29:27 il10-app-xfs udcs: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web Sep 13 19:29:27 il10-app-xfs udcs: pam_sss(login:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=il10web -----Original Message----- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Friday, September 16, 2016 1:39 PM To: Larry Rosen <larry.ro...@jdrsolutions.com>; freeipa-users@redhat.com Subject: Re: [Freeipa-users] login auth fails then success Larry Rosen wrote: > We have a web app that logs in using a service (automated login user, > non-expiring, non-failure count) account that leaves these log entries > all day long. This does not appear to cause any problems, it just make > my logs grow unnecessarily and creates a lot of "noise" in the log. > > Any ideas why it initially fails and then works?** Logs where? Can we see them? rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
