Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)
Please try to initialize the client using the default DUA profile included with IPA:

$ ldapclient -v init \
    -a profileName=default \
    ipaserver.example.com

You can also take a look at these two requests I've opened to update the Solaris 10 documentation, and including a default DUA config profile including more enhanced configuration of the client.

https://bugzilla.redhat.com/show_bug.cgi?id=815533
https://bugzilla.redhat.com/show_bug.cgi?id=815515

If that does not help, please enable more debugging by touching file etc/pam_debug and enable debug to a file in syslog.conf. Attempt a login and please post the results to the list.

Rgds,
Siggi
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)
On Mon, Jun 04, 2012 at 11:51:47PM -0400, Rob Crittenden wrote:
> free...@noboost.org wrote:
> >Hi All,
> >
> >I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA
> >
> >Server:
> >- Red Hat Enterprise Linux Server release 6.2
> >ipa-admintools-2.1.3-9.el6.x86_64
> >ipa-client-2.1.3-9.el6.x86_64
> >ipa-pki-ca-theme-9.0.3-7.el6.noarch
> >ipa-pki-common-theme-9.0.3-7.el6.noarch
> >ipa-python-2.1.3-9.el6.x86_64
> >ipa-server-2.1.3-9.el6.x86_64
> >ipa-server-selinux-2.1.3-9.el6.x86_64
> >
> >
> >Client:
> >Solaris 10 - Sparc
> >SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210
> >
> >
> >Issue:
> >On ssh login, /var/log/authlog reports "user not found"
> >
> >
> >FILE: /var/log/authlog
> >Jun 5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth):
> >end: Success
> >Jun 5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth:
> >entering pam_sm_authenticate()
> >Jun 5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth:
> >user craig not found
> >Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info]
> >Keyboard-interactive (PAM) userauth failed[13] while authenticating: No
> >account present for user
> >Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed
> >keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
> >
> >
> >- Additionally, I can log in via "su - craig" from a root account, but not
> >when auth is required.
> >
> >-bash-3.00$ su - craig
> >Password:
> >su: Unknown id: craig
> >
> >getent even works;
> ># getent passwd craig
> >craig:*:343:135:Craig:/home/craig:/bin/bash
> >
> >Plus kerberos works, when simply running `kinit craig`.
> >
> >
> >
> >Any tips??
>
> What have you done so far to configure the machine?
>
> rob

I've just done my best to follow the IPA manual;

=
# cat /var/ldap/ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use
# ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.214
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com
NS_LDAP_AUTH= none
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=accounts,dc=example,dc=com
NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=userPassword
NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=loginShell
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=homeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=uidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=memberUid
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixaccount
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixaccount
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixgroup
--
# cat /etc/krb5/krb5.conf
[libdefaults]
default_realm = EXAMPLE.COM
verify_ap_req_nofail = false

[realms]
EXAMPLE.COM = {
kdc = sysvm-ipa.example.com
admin_server = sysvm-ipa.example.com
}

[domain_realm]
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM

[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log

[appdefaults]
kinit = {
renewable = true
forwardable= true
}
--
bash-3.00# grep krb /etc/pam.conf
login auth sufficient pam_krb5.so.1 try_first_pass debug
other auth sufficient pam_krb5.so.1 debug
other account required pam_krb5.so.1 debug
other password sufficient pam_krb5.so.1 debug
--
=

Re: [Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)
free...@noboost.org wrote:
> Hi All,
>
> I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA
>
> Server:
> - Red Hat Enterprise Linux Server release 6.2
> ipa-admintools-2.1.3-9.el6.x86_64
> ipa-client-2.1.3-9.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-python-2.1.3-9.el6.x86_64
> ipa-server-2.1.3-9.el6.x86_64
> ipa-server-selinux-2.1.3-9.el6.x86_64
>
> Client:
> Solaris 10 - Sparc
> SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210
>
> Issue:
> On ssh login, /var/log/authlog reports "user not found"
>
> FILE: /var/log/authlog
> Jun 5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth): end: Success
> Jun 5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
> Jun 5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth: user craig not found
> Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[13] while authenticating: No account present for user
> Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
>
> - Additionally, I can log in via "su - craig" from a root account, but not when auth is required.
>
> -bash-3.00$ su - craig
> Password:
> su: Unknown id: craig
>
> getent even works;
> # getent passwd craig
> craig:*:343:135:Craig:/home/craig:/bin/bash
>
> Plus kerberos works, when simply running `kinit craig`.
>
> Any tips??

What have you done so far to configure the machine?

rob

[Freeipa-users] su: [ID 219349 auth.debug] pam_unix_auth: user craig not found (Solaris 10 IPA client)
Hi All,

I'm sooo close to getting my Solaris 10 (SPARC) client to work with IPA

Server:
- Red Hat Enterprise Linux Server release 6.2
ipa-admintools-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-2.1.3-9.el6.x86_64
ipa-server-2.1.3-9.el6.x86_64
ipa-server-selinux-2.1.3-9.el6.x86_64

Client:
Solaris 10 - Sparc
SunOS lyra 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V210

Issue:
On ssh login, /var/log/authlog reports "user not found"

FILE: /var/log/authlog
Jun 5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth): end: Success
Jun 5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth: user craig not found
Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[13] while authenticating: No account present for user
Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2

- Additionally, I can log in via "su - craig" from a root account, but not when auth is required.

-bash-3.00$ su - craig
Password:
su: Unknown id: craig

getent even works;
# getent passwd craig
craig:*:343:135:Craig:/home/craig:/bin/bash

Plus kerberos works, when simply running `kinit craig`.

Any tips??

cya

Craig
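
Added example, not part of the original thread: a small correlator for the Solaris authlog format quoted above, grouping lines by sshd pid to separate "Kerberos accepted the password but pam_unix_auth could not resolve the account" from an ordinary failed login. The function names, verdict labels and the last sample line (user "bob", pid 1301) are constructed for illustration.

```python
import re
from collections import defaultdict

# First five lines: the authlog entries quoted in the post, unwrapped.
# Last line: constructed for contrast (hypothetical user "bob", pid 1301).
SAMPLE = """\
Jun 5 12:07:11 lyra sshd[1250]: [ID 525286 auth.debug] PAM-KRB5 (auth): end: Success
Jun 5 12:07:11 lyra sshd[1250]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 5 12:07:11 lyra sshd[1250]: [ID 219349 auth.debug] pam_unix_auth: user craig not found
Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[13] while authenticating: No account present for user
Jun 5 12:07:11 lyra sshd[1250]: [ID 800047 auth.notice] Failed keyboard-interactive for craig from 192.168.0.103 port 48658 ssh2
Jun 5 12:09:40 lyra sshd[1301]: [ID 800047 auth.notice] Failed keyboard-interactive for bob from 192.168.0.103 port 48702 ssh2
"""

# Solaris syslog line: timestamp host proc[pid]: [ID msgid facility.level] message
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s"
                  r"\[ID \d+ \w+\.\w+\]\s(?P<msg>.*)$")
KRB_OK = re.compile(r"PAM-KRB5 \(auth\): end: Success")
NO_USER = re.compile(r"pam_unix_auth: user (\S+) not found")
FAILED = re.compile(r"Failed \S+ for (\S+) from (\S+) port \d+")

def correlate(text):
    """Group lines by (host, process, pid) and record what each PAM step reported."""
    sessions = defaultdict(lambda: {"krb5_ok": False, "missing": None, "failed": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not in the expected format; ignore rather than guess
        s = sessions[(m["host"], m["proc"], int(m["pid"]))]
        if KRB_OK.search(m["msg"]):
            s["krb5_ok"] = True
        elif NO_USER.search(m["msg"]):
            s["missing"] = NO_USER.search(m["msg"]).group(1)
        elif FAILED.search(m["msg"]):
            s["failed"] = FAILED.search(m["msg"]).groups()  # (user, source address)
    return dict(sessions)

def verdict(s):
    """Separate 'password rejected' from 'password accepted, account not resolved'."""
    if s["failed"] and s["krb5_ok"] and s["missing"]:
        return "account-lookup-failure"  # pam_krb5 succeeded; pam_unix_auth found no user
    if s["failed"]:
        return "auth-failure"            # no Kerberos success logged for this pid
    return "no-failure-logged"

if __name__ == "__main__":
    for key, s in correlate(SAMPLE).items():
        print(key, verdict(s), s["failed"])
```

The pam_krb5 success line only appears because the pam.conf entries in the thread carry the debug option and auth.debug is being logged; without that, every failed session falls into the second verdict.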