Hi,

Do you need any other information?

On Fri, Jan 6, 2017 at 12:51 PM, rajat gupta <rajat.li...@gmail.com> wrote:

> sssd.conf from the ilt-gif-ipa02
>
> [root@ilt-gif-ipa02 ~]# cat /etc/sssd/sssd.conf
> [domain/ipa.preprod.local]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = ipa.preprod.local
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> chpass_provider = ipa
> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> ldap_tls_cacert = /etc/ipa/ca.crt
> debug_level = 9
>
>
> [sssd]
> default_domain_suffix = corp.corpcommon.com
> services = nss, sudo, pam, ssh
> debug_level = 9
>
>
> domains = ipa.preprod.local
> [nss]
> override_homedir = /home/%u
> debug_level = 9
>
>
>
> [pam]
> debug_level = 9
>
>
> [sudo]
>
> [autofs]
>
> [ssh]
> debug_level = 9
>
>
> [pac]
>
> [ifp]
>
>
> On Fri, Jan 6, 2017 at 11:31 AM, rajat gupta <rajat.li...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Only a few users are able to log in. IPA AD-trust setup.
>>
>> ==========================
>> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
>> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
>> 146.213.128.135
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request:
>> invalid user et33015 [preauth]
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
>> the underlying authentication module for illegal user et33015 from x.x.x.x
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed
>> keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270
>> ssh2
>> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
>> [preauth]
>> ============================
>>
>> ====================
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_server_status] (0x1000): Status of server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_port_status] (0x1000): Port status of port 0 for server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
>> Input/output error
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
>> [Input/output error])
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Going offline!
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was
>> created
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
>> task 72 seconds from now [1483696200]
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>>
>> I am able to getent and kinit for all of the AD users, but most of the
>> users are not able to log in via ssh / AD password.
>>
>> getent passwd  et33015
>> et33...@corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
>>
>> and
>>
>> kinit et33...@corp.corpcommon.com
>>
>>
>>
>> --
>>
>> *Rajat Gupta*
>>
>
>
>
> --
>
> *Rajat Gupta *
>



-- 

*Rajat Gupta *