Hi, Do you need any other information ?
On Fri, Jan 6, 2017 at 12:51 PM, rajat gupta <[email protected]> wrote: > sssd.conf from the ilt-gif-ipa02 > > [root@ilt-gif-ipa02 ~]# cat /etc/sssd/sssd.conf > [domain/ipa.preprod.local] > > cache_credentials = True > krb5_store_password_if_offline = True > ipa_domain = ipa.preprod.local > id_provider = ipa > auth_provider = ipa > access_provider = ipa > ipa_hostname = ilt-gif-ipa02.ipa.preprod.local > chpass_provider = ipa > ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local > ldap_tls_cacert = /etc/ipa/ca.crt > debug_level = 9 > > > [sssd] > default_domain_suffix = corp.corpcommon.com > services = nss, sudo, pam, ssh > debug_level = 9 > > > domains = ipa.preprod.local > [nss] > override_homedir = /home/%u > debug_level = 9 > > > > [pam] > debug_level = 9 > > > [sudo] > > [autofs] > > [ssh] > debug_level = 9 > > > [pac] > > [ifp] > > > On Fri, Jan 6, 2017 at 11:31 AM, rajat gupta <[email protected]> > wrote: > >> Hi, >> >> only few user are able to login. ipa ad-trust setup. >> >> ========================== >> Jan 6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking >> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed - >> POSSIBLE BREAK-IN ATTEMPT! >> Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from >> 146.213.128.135 >> Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: >> invalid user et33015 [preauth] >> Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to >> the underlying authentication module for illegal user et33015 from x.x.x.x >> Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed >> keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270 >> ssh2 >> Jan 6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid >> user et33015 from 146.213.128.135 port 51270 ssh2 >> Jan 6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid >> user et33015 from 146.213.128.135 port 51270 ssh2 >> Jan 6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid >> user et33015 from 146.213.128.135 port 51270 ssh2 >> Jan 6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x >> [preauth] >> ============================ >> >> ==================== >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [get_server_status] (0x1000): Status of server >> 'ilt-gif-ipa01.ipa.preprod.local' is 'working' >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [get_port_status] (0x1000): Port status of port 0 for server >> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working' >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA' >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_resolve_server_done] (0x1000): Server resolution failed: [5]: >> Input/output error >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 >> [Input/output error]) >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_mark_offline] (0x2000): Going offline! >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_mark_offline] (0x2000): Initialize check_if_online_ptask. >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was >> created >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling >> task 72 seconds from now [1483696200] >> (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] >> [be_run_offline_cb] (0x0080): Going offline. Running callbacks >> >> i am able to getent and kinit for all of the AD user. but most of the >> user are not able to login via ssh /ad-password >> >> getent passwd et33015 >> [email protected]:*:1007629326:1007629326:Th Sub:/home/et33015: >> >> and >> >> kinit [email protected] >> >> >> >> -- >> >> *Rajat Gupta* >> > > > > -- > > *Rajat Gupta * > -- *Rajat Gupta *
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
