Re: [Freeipa-users] Public Key Authentication Failing

2015-08-19 Thread Yogesh Sharma
Re-enrolling the server has fixed it, but what caused this is still an
issue.

*Best Regards,*

*__*

*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in/ *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

https://www.fb.com/yks   http://in.linkedin.com/in/yks
https://twitter.com/checkwithyogesh
http://google.com/+YogeshSharmaOnGooglePlus


Re: [Freeipa-users] Public Key Authentication Failing + Failed to Authenticate New User with Public Key

2015-08-19 Thread Yogesh Sharma
Any suggestions, please?


Re: [Freeipa-users] Public Key Authentication Failing

2015-08-18 Thread Yogesh Sharma
The majority of the sssd logs are filled with the error below:

(Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]
(Wed Aug 19 01:22:24 2015) [sssd[be[klikpay.int]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]



On Wed, Aug 19, 2015 at 12:44 AM, Yogesh Sharma yks0...@gmail.com wrote:

 Team.

 We are using public key authentication instead of passwords. It was working
 fine, but a day later it stopped working. The same key works if we change
 the username.

 For example:

 Initially we created a user, ipa1, with an ssh public key, but after some
 time it stopped working. Now the same key works if we create an ipa2 user,
 but with the ipa1 user it fails to accept the keys.



 Below are the ssh logs of a failed attempt:

 root@yogesh-ubuntu-pc:/home/yogesh# ssh -i /root/.ssh/id_rsa vg4381@172.16.32.24 -vv
 OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: /etc/ssh/ssh_config line 19: Applying options for *
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to 172.16.32.24 [172.16.32.24] port 22.
 debug1: Connection established.
 debug1: permanently_set_uid: 0/0
 debug1: identity file /root/.ssh/id_rsa type 1
 debug1: identity file /root/.ssh/id_rsa-cert type -1
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.2
 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c00
 debug2: fd 3 setting O_NONBLOCK
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
 debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit:
 debug2: kex_parse_kexinit: first_kex_follows 0
 debug2: kex_parse_kexinit: reserved 0
 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
 debug2: kex_parse_kexinit: