few user are able to login. ipa ad-trust setup. ========================== Jan 6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed - POSSIBLE BREAK-IN ATTEMPT! Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from x.x.x.x Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid user et33015 [preauth] Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to the underlying authentication module for illegal user et33015 from x.x.x.x Jan 6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270 ssh2 Jan 6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user et33015 from 146.213.128.135 port 51270 ssh2 Jan 6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user et33015 from 146.213.128.135 port 51270 ssh2 Jan 6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user et33015 from 146.213.128.135 port 51270 ssh2 Jan 6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x [preauth] ============================
==================== (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local' is 'working' (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status] (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local' is 'not working' (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA' (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline] (0x2000): Going offline! (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline] (0x2000): Initialize check_if_online_ptask. (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was created (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 72 seconds from now [1483696200] (Fri Jan 6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks ================= cat /etc/sssd/sssd.conf [domain/ipa.preprod.local] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = ipa.preprod.local id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = ilt-gif-ipa02.ipa.preprod.local chpass_provider = ipa ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local ldap_tls_cacert = /etc/ipa/ca.crt debug_level = 9 [sssd] default_domain_suffix = corp.corpcommon.com services = nss, sudo, pam, ssh debug_level = 9 domains = ipa.preprod.local [nss] override_homedir = /home/%u debug_level = 9 [pam] debug_level = 9 [sudo] [autofs] [ssh] debug_level = 9 [pac] [ifp] =============== i am able to getent and kinit for all of the AD user. but most of the user are not able to login via ssh /ad-password getent passwd et33015 [email protected]:*:1007629326:1007629326:Th Sub:/home/et33015: and kinit [email protected] <http://corp.corpcommon.com/>
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
