Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Sumit Bose
On Mon, Mar 31, 2014 at 11:05:18PM +, Todd Maugh wrote: [root@black-62 sssd]# tail -f sssd_ops.boingo.com.log (Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [be_resolve_server_done] (4): Found address for server idm-master-els.ops.boingo.com: [172.22.170.46] TTL 7200 (Mon Mar

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Todd Maugh
I set my debug level to 5 and these were the messages I got. I checked the sshd_config and it seems to be using GSSAPI. What lines should be uncommented, entered, or set to true or yes for PAM? I tried setting the one PAM line I saw to true, but it made no difference. -Original Message- From:

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Todd Maugh
I am seeing this error in /var/log/secure [r...@black-64.qa ~]# tail /var/log/secure Apr 1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.194.1.250 user=tmaugh Apr 1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth):

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Todd Maugh
here is my sssd.conf [r...@black-64.qa ~]# cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 services = nss, pam # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/NAME] sections, and # then add the list of domains (in the order you want

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Jakub Hrozek
On Tue, Apr 01, 2014 at 05:58:00PM +, Todd Maugh wrote: I am seeing this error in /var/log/secure [r...@black-64.qa ~]# tail /var/log/secure Apr 1 17:54:05 black-64 sshd[3649]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.194.1.250

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Todd Maugh
/var/log/sssd/krb5_child.log is empty. Here is the sssd domain log, sssd_ops.boingo.com.log: 97][1][name=tmp.UiK3X6] (Tue Apr 1 19:28:01 2014) [sssd[be[ops.boingo.com]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success (Tue Apr 1 19:29:01 2014) [sssd[be[ops.boingo.com]]]

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-04-01 Thread Todd Maugh
OK, so on 2 of the servers I found that UsePAM was not even in the sshd_conf; when I put that in I was fine. But 3 other servers that have it in the sshd_conf are exhibiting the password not accepted error. Then I went and cleared the sssd cache and I'm back in business. Thank you for the help.

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-03-31 Thread Rob Crittenden
Todd Maugh wrote: Hi, I have a RHEL 5 client. I had problems with my IPA environment and had to rebuild. I’m on the latest version of IPA with a Red Hat 6 server. I successfully enrolled the client to the new server (same domain, same realm). I had removed all old certs, sysrestores, and

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-03-31 Thread Todd Maugh
HBAC rules are set to allow_all enabled -Original Message- From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Monday, March 31, 2014 3:44 PM To: Todd Maugh; freeipa-users@redhat.com Subject: Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-03-31 Thread Rob Crittenden
Todd Maugh wrote: HBAC rules are set to allow_all enabled Ok. I'd start with increasing the sssd log level and see what it says. I gather that basic nss works since you can kinit as other users. You may want to check for SELinux AVCs as well. rob -Original Message- From: Rob

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-03-31 Thread Todd Maugh
[root@black-62 sssd]# tail -f sssd_ops.boingo.com.log (Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [be_resolve_server_done] (4): Found address for server idm-master-els.ops.boingo.com: [172.22.170.46] TTL 7200 (Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [sasl_bind_send] (4):

Re: [Freeipa-users] uninstalled IPA client and reinstalled and enrolled to new server cant authenticate

2014-03-31 Thread Dmitri Pal
On 03/31/2014 07:05 PM, Todd Maugh wrote: [root@black-62 sssd]# tail -f sssd_ops.boingo.com.log (Mon Mar 31 22:58:01 2014) [sssd[be[ops.boingo.com]]] [be_resolve_server_done] (4): Found address for server idm-master-els.ops.boingo.com: [172.22.170.46] TTL 7200 (Mon Mar 31 22:58:01 2014)