Hi,

when I try to log in to an IPA client with my AD user, it works perfectly when I already have a Kerberos ticket for my user. When I do not and I try a password-based login, it fails:


Password-based:
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [myu...@xyz.mydomain.at@xyz.mydomain.at]
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is myu...@xyz.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_PREAUTH
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: XYZ
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): user: myu...@xyz.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Apr  6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: chupacabra.ipa.mydomain.at
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Apr  6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 31816
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: myuser
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f4c122ed450
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f4c122ed450
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f4c122e59c0
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][XYZ]
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error.
(Thu Apr  6 10:39:12 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 20
(Thu Apr 6 10:39:12 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f4c122f4640][21]

When I have a Kerberos ticket:
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [myu...@xyz.mydomain.at@xyz.mydomain.at]
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is myu...@xyz.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: XYZ
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): user: myu...@xyz.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Apr  6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: chupacabra.ipa.mydomain.at
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Apr  6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 31841
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: myuser
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f4c122ec4a0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f4c122ec4a0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f4c122e59c0
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][XYZ]
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Apr  6 10:41:00 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 20
(Thu Apr 6 10:41:00 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f4c122f4640][21]

My question is why?

Regards,
Ronald
