Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)

2012-06-05 Thread Sigbjorn Lie



Please try to initialize the client using the default DUA profile included with IPA:

$ ldapclient -v init \
-a profileName=default \
ipaserver.example.com

You can also take a look at these two requests I've opened to update the Solaris 10 documentation
and to include a default DUA config profile with a more enhanced configuration of the client.

https://bugzilla.redhat.com/show_bug.cgi?id=815533

https://bugzilla.redhat.com/show_bug.cgi?id=815515

If that does not help, please enable more debugging by touching the file etc/pam_debug and
enabling debug to a file in syslog.conf. Attempt a login and please post the results to the list.



Rgds,
Siggi


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)

2012-06-04 Thread freeipa
On Mon, Jun 04, 2012 at 11:51:47PM -0400, Rob Crittenden wrote:
> free...@noboost.org wrote:
> >Hi All,
> >
> >I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA
> >
> >Server:
> >- Red Hat Enterprise Linux Server release 6.2
> >ipa-admintools-2.1.3-9.el6.x86_64
> >ipa-client-2.1.3-9.el6.x86_64
> >ipa-pki-ca-theme-9.0.3-7.el6.noarch
> >ipa-pki-common-theme-9.0.3-7.el6.noarch
> >ipa-python-2.1.3-9.el6.x86_64
> >ipa-server-2.1.3-9.el6.x86_64
> >ipa-server-selinux-2.1.3-9.el6.x86_64
> >
> >
> >Client:
> >Solaris 10 - Sparc
> >SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210
> >
> >
> >Issue:
> >On ssh login, /var/log/authlog reports "user not found"
> >
> >
> >FILE: /var/log/authlog
> >Jun  5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth):
> >end: Success
> >Jun  5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth:
> >entering pam_sm_authenticate()
> >Jun  5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth:
> >user craig not found
> >Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info]
> >Keyboard-interactive (PAM) userauth failed[13] while authenticating: No
> >account present for user
> >Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed
> >keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
> >
> >
> >- Additionally, I can log in via "su - craig" from a root account, but not
> >when auth is required.
> >
> >-bash-3.00$ su - craig
> >Password:
> >su: Unknown id: craig
> >
> >getent even works;
> ># getent passwd craig
> >craig:*:343:135:Craig:/home/craig:/bin/bash
> >
> >Plus kerberos works, when simply running `kinit craig`.
> >
> >
> >
> >Any tips??
> 
> What have you done so far to configure the machine?
> 
> rob
I've just done my best to follow the IPA manual;
=
# cat /var/ldap/ldap_client_file
#
# Do not edit this file manually; your changes will be lost. Please use
# ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.214
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=example,dc=com
NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=userPassword
NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=loginShell
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=homeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=uidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=memberUid
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixaccount
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixaccount
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixgroup
--
# cat /etc/krb5/krb5.conf
[libdefaults]
default_realm = EXAMPLE.COM
verify_ap_req_nofail = false

[realms]
EXAMPLE.COM = {
kdc = sysvm-ipa.example.com
admin_server = sysvm-ipa.example.com
}

[domain_realm]
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM

[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log

[appdefaults]
kinit = {
renewable = true
forwardable= true
}
--
bash-3.00# grep krb /etc/pam.conf
login   auth sufficient pam_krb5.so.1 try_first_pass debug
other   auth sufficient pam_krb5.so.1 debug
other   account required pam_krb5.so.1 debug
other   password sufficient pam_krb5.so.1 debug
--
=



Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)

2012-06-04 Thread Rob Crittenden

free...@noboost.org wrote:

> Hi All,
>
> I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA
>
> Server:
> - Red Hat Enterprise Linux Server release 6.2
> ipa-admintools-2.1.3-9.el6.x86_64
> ipa-client-2.1.3-9.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-python-2.1.3-9.el6.x86_64
> ipa-server-2.1.3-9.el6.x86_64
> ipa-server-selinux-2.1.3-9.el6.x86_64
>
>
> Client:
> Solaris 10 - Sparc
> SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210
>
>
> Issue:
> On ssh login, /var/log/authlog reports "user not found"
>
>
> FILE: /var/log/authlog
> Jun  5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth):
> end: Success
> Jun  5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth:
> entering pam_sm_authenticate()
> Jun  5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth:
> user craig not found
> Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info]
> Keyboard-interactive (PAM) userauth failed[13] while authenticating: No
> account present for user
> Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed
> keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
>
>
> - Additionally, I can log in via "su - craig" from a root account, but not
> when auth is required.
>
> -bash-3.00$ su - craig
> Password:
> su: Unknown id: craig
>
> getent even works;
> # getent passwd craig
> craig:*:343:135:Craig:/home/craig:/bin/bash
>
> Plus kerberos works, when simply running `kinit craig`.
>
>
>
> Any tips??


What have you done so far to configure the machine?

rob



[Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)

2012-06-04 Thread freeipa
Hi All,

I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA

Server:
- Red Hat Enterprise Linux Server release 6.2
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
ipa-server-selinux-2.1.3-9.el6.x86_64


Client: 
Solaris 10 - Sparc
SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210


Issue:
On ssh login, /var/log/authlog reports "user not found"


FILE: /var/log/authlog
Jun  5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth):
end: Success
Jun  5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth:
entering pam_sm_authenticate()
Jun  5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth:
user craig not found
Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info]
Keyboard-interactive (PAM) userauth failed[13] while authenticating: No
account present for user
Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed
keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2


- Additionally, I can log in via "su - craig" from a root account, but not
when auth is required. 

-bash-3.00$ su - craig
Password: 
su: Unknown id: craig

getent even works;
# getent passwd craig
craig:*:343:135:Craig:/home/craig:/bin/bash

Plus kerberos works, when simply running `kinit craig`.



Any tips??

cya


Craig
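
Added example (not part of the original thread): a small Python triage of the authlog excerpt posted above. It re-joins the mail-wrapped syslog lines and, per process ID, reports sessions where pam_krb5 authentication succeeded but pam_unix_auth could not find the account. The function names and the regular expression are assumptions written for this excerpt's message format.

```python
import re
from collections import defaultdict

# Authlog excerpt copied from the post above, still wrapped as the mail client left it.
AUTHLOG = """\
Jun  5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth):
end: Success
Jun  5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth:
entering pam_sm_authenticate()
Jun  5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth:
user craig not found
Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info]
Keyboard-interactive (PAM) userauth failed[13] while authenticating: No
account present for user
Jun  5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed
keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
"""

# Solaris syslog entry: timestamp host proc[pid]: [ID msgid facility.level] message
ENTRY = re.compile(
    r"^\w{3} [ \d]\d [\d:]{8} (?P<host>\S+) (?P<proc>[^\s\[]+)\[(?P<pid>\d+)\]: "
    r"\[ID (?P<msgid>\d+) (?P<level>[\w.]+)\] ?(?P<msg>.*)$"
)

def parse(text):
    """Yield one dict per syslog entry, re-joining wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield current
            current = m.groupdict()
        elif current and line.strip():
            # Not a new entry: treat as the wrapped tail of the previous message.
            current["msg"] = f'{current["msg"]} {line.strip()}'.strip()
    if current:
        yield current

def triage(text):
    """Per (proc, pid): pam_krb5 auth succeeded but pam_unix_auth found no account."""
    sessions = defaultdict(list)
    for e in parse(text):
        sessions[(e["proc"], e["pid"])].append(e["msg"])
    findings = []
    for (proc, pid), msgs in sessions.items():
        krb_ok = any(m.startswith("PAM-KRB5 (auth): end: Success") for m in msgs)
        users = re.findall(r"pam_unix_auth: user (\S+) not found", "\n".join(msgs))
        if krb_ok and users:
            findings.append({"proc": proc, "pid": pid, "user": users[0]})
    return findings
```

Grouping by process ID keeps interleaved logins from different sshd children apart when the same check is run over a full /var/log/authlog.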
