Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Yogesh Sharma
Hi Jakub, Please find the logs for the user test created in IPA. (Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [test] from [ALL] (Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [t...@sd.int] (Fri Mar 27

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Yogesh Sharma
No. This is the second attempt after changing the password on first login. If you want I can re-send you the logs but this is the second login logs of this user. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web:

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Jakub Hrozek
On Fri, Mar 27, 2015 at 10:28:13AM +0530, Yogesh Sharma wrote: Hi Jakub, Please find the logs for the user test created in IPA. (Fri Mar 27 10:19:52 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [test] from [ALL] (Fri Mar 27 10:19:52 2015) [sssd[nss]]

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Natxo Asenjo
On Fri, Mar 27, 2015 at 5:58 AM, Yogesh Sharma yks0...@gmail.com wrote: (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [sss_krb5_cc_verify_ccache] (0x0020): 1078: [-1765328190][Credentials cache permissions incorrect] (Fri Mar 27 10:19:57 2015) [sssd[be[sd.int]]] [check_old_ccache] (0x0040):

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-27 Thread Jakub Hrozek
On Fri, Mar 27, 2015 at 12:34:57PM +0530, Yogesh Sharma wrote: No. This is the second attempt after changing the password on first login. If you want I can re-send you the logs but this is the second login logs of this user. Then it would be most interesting to see the logs of the password

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Rob Crittenden
Yogesh Sharma wrote: Hi, We are getting error while trying to ssh using users created in IPA server. root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94 You don't have a Kerberos ticket and you don't have ssh keys for this user. kinit cm8158 first or get the ssh keys. You'll need to use

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Simo Sorce
On Thu, 2015-03-26 at 15:42 +0530, Yogesh Sharma wrote: Hi, We are getting error while trying to ssh using users created in IPA server. root@yogesh-ubuntu-pc:~# ssh -vvv cm8158@52.74.84.94 You should use the machine's fully qualified name if you want to login using GSSAPI/Krb5, an IP

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Jakub Hrozek
On Thu, Mar 26, 2015 at 07:47:34PM +0530, Yogesh Sharma wrote: Once I manually initialize the user Ticket on IPA Server using kinit username, I am able to login with and without FQDN. It's expected that IPA users are created with expired password. But SSSD should have prompted you for a

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Natxo Asenjo
On Thu, Mar 26, 2015 at 3:12 PM, Yogesh Sharma yks0...@gmail.com wrote: Thanks, but when I trying to use admin user (default user created by IPA), I am able to login. The issue is happening only with new users we are trying to create. (Thu Mar 26 19:30:52 2015) [[sssd[krb5_child[13625

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Hi Jakub, SSSD prompted to change the password. After changing the password, when we try to ssh again using the new password, it failed. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
This message is coming as user is trying to login for first time. IPA Admin has set a password and when user try to login it will prompt to change. sssd log it as password expired. *Best Regards,__* *Yogesh Sharma* *Email: yks0...@gmail.com

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Jakub Hrozek
On Thu, Mar 26, 2015 at 08:05:03PM +0530, Yogesh Sharma wrote: Hi Jakub, SSSD prompted to change the password. After changing the password, when we try to ssh again using the new password, it failed. And what do the logs say then, with the new password? -- Manage your subscription for the

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
I have tried with FQDN of host also as registered, but error remain same: (Thu Mar 26 19:43:01 2015) [[sssd[krb5_child[13730 [unpack_buffer] (0x0100): cmd [241] uid [131284] gid [131284] validate [true] enterprise principal [false] offline [false] UPN [te...@sd.int] (Thu Mar 26

Re: [Freeipa-users] Not able to SSH with User Created in IPA Server

2015-03-26 Thread Yogesh Sharma
Thanks, but when I trying to use admin user (default user created by IPA), I am able to login. The issue is happening only with new users we are trying to create. === TEST user Login Logs: (Thu Mar 26 19:30:51 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for