I'm trying to connect my server to an LDAP server. I get a correct answer after using the *id* and *ldapsearch* commands. However, I am still not able to log in with SSH.
I can see in the sssd_LDAP.log file that the server has received the request to log in with the user (myuser), but the request was rejected.

tail -f /var/log/sssd/sssd_LDAP.log

(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=omri_w]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'ldap21v.walla.co.il'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'name not resolved'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in files
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'resolving name'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'ldap21v.walla.co.il' in files
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in DNS
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'name resolved'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_resolve_server_process] (0x0200): Found address for server ldap21v.walla.co.il: [192.168.50.21] TTL 600
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (0x0020): ldap_rootdse_last_usn configured but not found in rootdse!
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ldap21v.walla.co.il' as 'working'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'working'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x1003][FAST BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): User entry lacks original memberof ?
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): User entry lacks original memberof ?
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler] (0x0100): Got request with the following data
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): domain: LDAP
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): user: myuser
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): service: sshd
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): tty: ssh
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): ruser:
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): rhost: 192.118.68.5
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): authtok type: 0
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): priv: 1
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): cli_pid: 2208
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): logon name: not set
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 7, <NULL>) [Success (Authentication failure)]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [7][LDAP]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [7][LDAP]

Does anyone know what the issue is?

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
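For triaging a backend log like the one in this post, the following added example (not part of the original message and not SSSD project code) pairs each PAM request's `pam_print_data` fields with the status the backend returned. The function name `pam_requests` and the regular expressions are assumptions written against the log layout visible above; the sample entries are copied from that log.

```python
import re

# One SSSD debug entry: (timestamp) [sssd[be[DOMAIN]]] [function] (level): message
# The lookahead ends a message at the next timestamp, so entries that were
# wrapped or run together on one line are still split correctly.
ENTRY = re.compile(
    r"\((?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4})\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): "
    r"(?P<msg>.*?)(?=\s*\(\w{3} \w{3} +\d+ [\d:]+ \d{4}\)|\s*\Z)",
    re.DOTALL,
)
RESULT = re.compile(r"Backend returned: \((\d+), (\d+), [^)]*\) \[(.*)\]")

def pam_requests(text):
    """Return one dict per PAM request: its pam_print_data fields plus the backend result."""
    requests, current = [], None
    for m in ENTRY.finditer(text):
        func, msg = m["func"], " ".join(m["msg"].split())
        if func == "be_pam_handler":            # start of a new PAM request
            current = {"time": m["ts"]}
        elif func == "pam_print_data" and current is not None:
            key, _, value = msg.partition(":")  # e.g. "service: sshd"
            current[key.strip()] = value.strip()
        elif func == "be_pam_handler_callback" and current is not None:
            r = RESULT.search(msg)              # only the "Backend returned" entry matches
            if r:
                current.update(pam_status=int(r[2]), result=r[3])
                requests.append(current)
                current = None
    return requests

# Entries copied from the log above, run together on one line as in the post.
PREFIX = "(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] "
SAMPLE = " ".join(PREFIX + entry for entry in [
    "[be_pam_handler] (0x0100): Got request with the following data",
    "[pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE",
    "[pam_print_data] (0x0100): user: myuser",
    "[pam_print_data] (0x0100): service: sshd",
    "[pam_print_data] (0x0100): ruser:",
    "[pam_print_data] (0x0100): rhost: 192.118.68.5",
    "[be_pam_handler_callback] (0x0100): Backend returned: (0, 7, <NULL>) [Success (Authentication failure)]",
    "[be_pam_handler_callback] (0x0100): Sending result [7][LDAP]",
])

if __name__ == "__main__":
    for req in pam_requests(SAMPLE):
        if req["pam_status"] != 0:              # 0 is PAM_SUCCESS
            print(req["time"], req["command"], req["user"], req["service"],
                  req["rhost"], req["pam_status"], req["result"])
```

On the entries above it reports a single `SSS_PAM_AUTHENTICATE` request for `myuser` via `sshd` that ended with PAM status 7, while the earlier `acctinfo_callback` entries in the log show the identity lookups succeeding.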