On ti, 14 helmi 2017, Nuno Higgs wrote:
Hello Lucas,

No, the account is neither locked nor expired. That's the weird part.
On other Centos7 / RHEL7 I can login without any issues.


[root@ipa2 ~]# ipa user-status nuno
-----------------------
Account disabled: False
-----------------------
 Server: ipa1
 Failed logins: 0
 Last successful authentication: 20170214150453Z
 Last failed authentication: 20170213170252Z
 Time now: 2017-02-14T15:06:21Z

 Server: ipa2
 Failed logins: 0
 Last successful authentication: 20170214150047Z
 Last failed authentication: 20170214124638Z
 Time now: 2017-02-14T15:06:23Z
----------------------------
Number of entries returned 2
----------------------------

I've also enabled the sssd. There is no evidence of where the problem is:

(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
domain.com
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
n...@domain.com
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
172.16.0.10
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 
1
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
nuno
(Tue Feb 14 15:11:54 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.com]
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Success.
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [0]: Success.
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 68
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering 
pam_cmd_acct_mgmt
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): 
name 'nuno' matched without domain, user is nuno
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not 
set
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): user: nuno
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
172.16.0.10
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
nuno
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [n...@domain.com]
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [n...@domain.com@domain.com]
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's 
primary name is n...@domain.com
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending 
request with the following data:
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): command: 
SSS_PAM_ACCT_MGMT
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: 
domain.com
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
n...@domain.com
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
172.16.0.10
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok 
type: 0
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 9475
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: 
nuno
(Tue Feb 14 15:11:55 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Tue Feb 14 15:11:56 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [4 (System error)][domain.com]
(Tue Feb 14 15:11:56 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called 
with result [4]: System error.
Domain log will have details on what has happened at account PAM stage.
Please provide that log, correlated by time with pam log
(15:11:55-15:11:56).

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to