On 03 Jul 2014, at 16:56, Johannes Ramm-Ericson <[email protected]> wrote:
> Hi, > > Apologies for any naively stated questions but I am having trouble getting > SSSD, Active Directory and SSH to interact as I expect on an Ubuntu 14.04 > server. To be quite honest; I am not even certain that SSSD is the problem > anymore since I seem to have successfully authenticated, it's just that my > SSH session is interrupted with : > > > johannes@laplnxjohannes:~$ ssh johannes@bifrost-test > Password: > Write failed: Broken pipe > > > Extract from /var/log/auth.log > ------------------------------------------ > Jul 3 14:49:58 bifrost-test sshd[10281]: pam_sss(sshd:auth): authentication > success; logname= uid=0 euid=0 tty=ssh ruser= rhost=lichen user=johannes Here it seems SSSD has done its job and returned authentication success to the PAM subsystem. > Jul 3 14:49:58 bifrost-test sshd[10279]: Accepted keyboard-interactive/pam > for johannes from 192.168.120.12 port 35886 ssh2 > Jul 3 14:49:58 bifrost-test sshd[10279]: fatal: PAM: pam_setcred(): Failure > setting user credentials This seems to be the problem. Did you try increasing the log level of the SSHD (not SSSD :-)) and checking out the logs? Is there anything in the syslog (which would be stored either in the journal or /var/log/messages on Fedora, I’m not so sure about Ubuntu) > > My /etc/nsswitch.conf > -------------------------------- > passwd: files sss > group: files sss > shadow: files sss > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > sudoers: files > > /etc/pam.d/common-session: > ------------------------------------------ > session [default=1] pam_permit.so > # here's the fallback if no module succeeds > session requisite pam_deny.so > # prime the stack with a positive return value if there isn't one already; > # this avoids us returning an error just because nothing sets a success code > # since the modules above will each just jump around > session required pam_permit.so > # The pam_umask module will set the umask according to the system default in > # /etc/login.defs and user settings, solving the problem of different > # umask settings with different shells, display managers, remote sessions etc. > # See "man pam_umask". > session optional pam_umask.so > # and here are more per-package modules (the "Additional" block) > session required pam_unix.so > session optional pam_sss.so > # end of pam-auth-update config > > root@bifrost-test:/var/log/sssd# apt-cache policy sssd > sssd: > Installed: 1.11.5-1ubuntu3 > > > I have done my share of googling and only ended up with some very old - > seemingly, irrelevant to my problem - page hits. > So, I've turned to this mailing list in hope of finding someone who may have > encountered similar issues. Any ideas or suggestions? > > Thanks and Best Regards, > Johannes > > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
