When this command failed for me, it usually was a problem with SSSD on the
master. The service was down, offline or simply something wrong was with it.
On the master, I would try:
$ id admin
$ ssh admin@localhost # (with password)
If that works, try manual
$ ssh admin@ipa.master.server # with
@gmail.com, Janelle
janellenicol...@gmail.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Date: 03.08.2015 08:49
Subject:Re: [Freeipa-users] Admin password not accepted during replica
install
Sent by:freeipa-users-boun...@redhat.com
When
Hi Guys,
I'm doing a replica install there my admin password for the SSH check
to the master is not accepted.
The password is not expired, I can use it on the GUI and even changing
it in the GUI doesn't fix this.
What can I check ?
Cheers,
Matt
--
Manage your subscription for the
What is in the logs on the machine that is failing? Can you login to
admin from anywhere? Logs are you best friend.
Also, a simply ssh -vvv will help.
~J
On 8/1/15 12:51 PM, Matt . wrote:
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns me:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil)),
debug2: key: /root/.ssh/id_dsa
Hi,
This didn't fix it yet.
I wonder if there are any checks I can do as in the very past I was
able to do a simple replica without any issues.
Matt
2015-08-01 21:34 GMT+02:00 Janelle janellenicol...@gmail.com:
Double check you do not have AllowGroups set in your /etc/ssh/sshd_config
file.
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle janellenicol...@gmail.com:
lastly -- on the master - do you get the same error if you kinit admin?
~J
On 8/1/15 1:05 PM, Matt . wrote:
This actually the most important part, and the GSS Failure concerns
which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no AllowGroups in sshd, it has to
be in one of those 2 places.
~J
On 8/1/15 1:26 PM, Matt . wrote:
kinit admin works perfectly, that is such strange.
2015-08-01 22:15 GMT+02:00 Janelle
I even checked working version (IPA clusters) and they don't even have
this AllowGroups.
Am I missing something ?
2015-08-01 22:52 GMT+02:00 Janelle janellenicol...@gmail.com:
which points to the configuration of sssd.conf and/or nsswitch.conf
It is in there. If you say there are no