What is interesting.. What I did:

- Remove the /etc/krb5.keytab file
- Stop the ntp server on the Linux box
- Manually adjust the date from the Windows machine (ntpdate 192.168.144.143) and start the ntp server again.

And try to log in. Now I see the following logs:

Aug 14 19:16:19 ubu03 sshd[1681]: pam_krb5(sshd:auth): pam_sm_authenticate: entry (nonull)
Aug 14 19:16:19 ubu03 sshd[1681]: pam_krb5(sshd:auth): (user testuser) attempting authentication as [email protected]
Aug 14 19:16:22 ubu03 sshd[1681]: pam_krb5(sshd:auth): user testuser authenticated as [email protected]
Aug 14 19:16:22 ubu03 sshd[1681]: pam_krb5(sshd:auth): pam_sm_authenticate: exit (success)
Aug 14 19:16:22 ubu03 sshd[1681]: pam_krb5(sshd:account): pam_sm_acct_mgmt: entry
Aug 14 19:16:22 ubu03 sshd[1681]: pam_krb5(sshd:account): (user testuser) retrieving principal from cache
Aug 14 19:16:22 ubu03 sshd[1681]: pam_krb5(sshd:account): pam_sm_acct_mgmt: exit (success)
Aug 14 19:16:22 ubu03 sshd[1679]: Accepted keyboard-interactive/pam for testuser from 192.168.147.102 port 31194 ssh2
Aug 14 19:16:22 ubu03 nslcd[999]: [200854] <group/member="testuser"> ldap_result() failed: No such object
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:setcred): pam_sm_setcred: entry (establish)
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:setcred): no context found, creating one
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:setcred): (user testuser) found initial ticket cache at /var/tmp/krb5cc_pam_4Kw0LB
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:setcred): (user testuser) initializing ticket cache /var/tmp/krb5cc_10001_wyCVAA
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:setcred): pam_sm_setcred: exit (success)
Aug 14 19:16:22 ubu03 nslcd[999]: [b127f8] <group=10000> ldap_result() failed: No such object
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:session): pam_sm_open_session: entry
Aug 14 19:16:22 ubu03 sshd[1679]: pam_krb5(sshd:session): pam_sm_open_session: exit (success)
Aug 14 19:16:22 ubu03 sshd[1679]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Aug 14 19:16:22 ubu03 sshd[1796]: pam_krb5(sshd:setcred): pam_sm_setcred: entry (establish)
Aug 14 19:16:22 ubu03 sshd[1796]: pam_krb5(sshd:setcred): pam_sm_setcred: exit (success)
Aug 14 19:16:23 ubu03 sshd[1679]: pam_krb5(sshd:session): pam_sm_close_session: entry (silent)
Aug 14 19:16:23 ubu03 sshd[1679]: pam_krb5(sshd:session): pam_sm_close_session: exit (success)
Aug 14 19:16:23 ubu03 sshd[1679]: pam_unix(sshd:session): session closed for user testuser
Aug 14 19:16:24 ubu03 sshd[1679]: pam_krb5(sshd:setcred): pam_sm_setcred: entry (delete)
Aug 14 19:16:24 ubu03 sshd[1679]: pam_krb5(sshd:setcred): pam_sm_setcred: exit (success)

So it looks like the user is correctly authenticated.. Right?

testuser@ubu03:~$ mkdir xx
testuser@ubu03:~$ ls -l
total 4
drwxr-xr-x 2 testuser 10000 4096 Aug 14 13:55 xx

So I do not see the group associated with the user (SecureLDAP). Why?

What is interesting too is that I also have errors from the nslcd daemon:

Aug 14 19:12:56 ubu03 nslcd[999]: [45e146] <passwd="testuser"> ldap_search_ext() failed: Can't contact LDAP server
Aug 14 19:12:56 ubu03 nslcd[999]: [45e146] <passwd="testuser"> no available LDAP server found, sleeping 1 seconds
Aug 14 19:16:22 ubu03 nslcd[999]: [200854] <group/member="testuser"> ldap_result() failed: No such object
Aug 14 19:16:22 ubu03 nslcd[999]: [b127f8] <group=10000> ldap_result() failed: No such object
Aug 14 19:17:01 ubu03 nslcd[999]: [90cde7] <group/member="root"> ldap_result() failed: No such object

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
