On (25/08/16 16:35), [email protected] wrote: >I'm using sssd 1.11.7 in a jail on freebsd 10.2. and seeing an odd failure. >sssd is configured for nss, and pam both against an openldap server. Nss seems >to work as evidenced by various getent calls. > > >When I ssh to the jail as an ldap user the authentication fails with return >code 9: > >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): command: >PAM_AUTHENTICATE >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: >default >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): user: myuser >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sshd >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: not set >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not >set >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: >host.edu >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok >type: 1 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok >type: 0 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: >65873 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): >pam_dp_send_req returned 0 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): >received: [9][default] >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called >with result [9]. >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 24 >(Thu Aug 25 10:55:52 2016) [sssd[pam]] [client_recv] (0x0200): Client >disconnected! > pam error code 9 is PAM_AUTH_ERROR. Which does not say a lot.
Could you provide a ssds log file from domain (and not just from pam responder) Please use full debug level "0xfff0" in domain section of sssd.conf LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
