I'm trying to connect my server to an LDAP server. I get a correct answer after 
using the *id* and *ldapsearch* commands. However, I am still not able to log in with 
SSH. 

I can see in the sssd_LDAP.log file that the server has received the request to 
log in with the user (myuser), but the request was rejected. 

    tail -f /var/log/sssd/sssd_LDAP.log

(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got 
request for [0x1001][FAST BE_REQ_USER][1][name=omri_w]
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100): 
Trying to resolve service 'LDAP'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [get_server_status] (0x0100): 
Hostname resolution expired, resetting the server status of 
'ldap21v.walla.co.il'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] 
(0x0100): Marking server 'ldap21v.walla.co.il' as 'name not resolved'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] 
(0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in files
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] 
(0x0100): Marking server 'ldap21v.walla.co.il' as 'resolving name'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] 
(0x0100): Trying to resolve AAAA record of 'ldap21v.walla.co.il' in files
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_next] 
(0x0200): No more address families to retry
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_query] 
(0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in DNS
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] 
(0x0100): Marking server 'ldap21v.walla.co.il' as 'name resolved'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_resolve_server_process] 
(0x0200): Found address for server ldap21v.walla.co.il: [192.168.50.21] TTL 600
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] 
(0x0020): ldap_rootdse_last_usn configured but not found in rootdse!
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_cli_auth_step] (0x0100): 
expire timeout is 900
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): 
Marking port 389 of server 'ldap21v.walla.co.il' as 'working'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] 
(0x0100): Marking server 'ldap21v.walla.co.il' as 'working'
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): 
Request processed. Returned 0,0,Success (Success)
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got 
request for [0x1003][FAST BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): 
User entry lacks original memberof ?
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): 
Request processed. Returned 0,0,Success (Success)
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got 
request for [0x3][BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): 
User entry lacks original memberof ?
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): 
Request processed. Returned 0,0,Success (Success)
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler] (0x0100): Got 
request with the following data
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): command: 
SSS_PAM_AUTHENTICATE
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): domain: 
LDAP
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): user: 
myuser
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): service: 
sshd
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): tty: ssh
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): ruser: 
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): rhost: 
192.118.68.5
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): authtok 
type: 0
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): priv: 1
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): cli_pid: 
2208
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): logon 
name: not set
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): 
Backend returned: (0, 7, <NULL>) [Success (Authentication failure)]
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): 
Sending result [7][LDAP]
(Mon Dec  5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): 
Sent result [7][LDAP]

Does anyone know what the issue is?
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org