few user are able to login. ipa ad-trust setup.

==========================
Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
POSSIBLE BREAK-IN ATTEMPT!
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from x.x.x.x
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
user et33015 [preauth]
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
the underlying authentication module for illegal user et33015 from x.x.x.x
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
for invalid user et33015 from x.x.x.x port 51270 ssh2
Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
[preauth]
============================

====================
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
is 'not working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Going offline!
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Initialize check_if_online_ptask.
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
(0x0400): Periodic task [Check if online (periodic)] was created
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
task 72 seconds from now [1483696200]
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_run_offline_cb] (0x0080): Going offline. Running callbacks

=================

cat /etc/sssd/sssd.conf
[domain/ipa.preprod.local]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.preprod.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
chpass_provider = ipa
ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9


[sssd]
default_domain_suffix = corp.corpcommon.com
services = nss, sudo, pam, ssh
debug_level = 9


domains = ipa.preprod.local
[nss]
override_homedir = /home/%u
debug_level = 9



[pam]
debug_level = 9


[sudo]

[autofs]

[ssh]
debug_level = 9


[pac]

[ifp]
===============

i am able to getent and  kinit for all of the AD user. but most of the user
are not able to login via ssh /ad-password

getent passwd  et33015
et33...@corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:

and

kinit et33...@corp.corpcommon.com <http://corp.corpcommon.com/>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to