On Wed, 07 Nov 2018, Alfredo De Luca via FreeIPA-users wrote:
> Hi all. I wonder who and how this has been resolved?
> I have CentOS 7 where an sftp server is running. Authentication is with
> FreeIPA 4.5.4.
> All the users connect to the sftp server normally but when there are
> multiple connections randomly I got this error
>
> Nov 7 08:30:09 sftp sshd[23487]: pam_sss(sshd:account): Access denied for user nifi_sftp: 4 (System error)
>
> Not sure why. The same user doesn't have any issue connecting manually but
> when different connections from 3 nodes (running an open source sftp client
> called NIFI from apache.org) I got that error.
> I have to say that I tried to reproduce with a script running multiple
> connections at the same time and I get the same errors. If I use
> controlmaster mechanism on ssh client I don't get the error at all.
> Any idea?

Use sssd debugging to demonstrate why pam_sss is denying access.
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
You'd need logs from the sssd_<domain>.log and sssd_pam.log related to
the time when there is an attempt to connect with NIFI. Use
debug_level=9 in domain and pam sections to show all logs and provide
them somewhere we can look up.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
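
One way to pull the requested log window once `debug_level=9` is set, as an added example that is not part of the original thread: it finds each `pam_sss(sshd:account)` denial in the sshd syslog output and keeps the SSSD debug lines stamped within a few seconds of it. The sample log lines are constructed, the function names are hypothetical, and the `(Day Mon D HH:MM:SS YYYY) [sssd[...]]` debug-line layout is an assumption about the SSSD version in use.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not the poster's real logs): sshd syslog and sssd_pam.log
SECURE_LOG = """\
Nov  7 08:30:07 sftp sshd[23480]: Accepted password for nifi_sftp from 192.0.2.11 port 50122 ssh2
Nov  7 08:30:09 sftp sshd[23487]: pam_sss(sshd:account): Access denied for user nifi_sftp: 4 (System error)
"""
SSSD_LOG = """\
(Wed Nov  7 08:29:40 2018) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
(Wed Nov  7 08:30:08 2018) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Wed Nov  7 08:30:09 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error.
(Wed Nov  7 08:31:30 2018) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
"""

DENIED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: "
    r"pam_sss\(sshd:account\): Access denied for user (\S+): (\d+) \((.*)\)$")
SSSD_TS = re.compile(r"^\((\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4})\) ")

def find_denials(secure_text, year):
    """Return (timestamp, sshd pid, user, pam code) for each pam_sss account denial."""
    out = []
    for line in secure_text.splitlines():
        m = DENIED.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            stamp = " ".join(m.group(1).split())
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            out.append((ts, int(m.group(2)), m.group(3), int(m.group(4))))
    return out

def sssd_window(sssd_text, when, seconds=5):
    """Return SSSD debug lines stamped within +/- `seconds` of a denial."""
    keep = []
    for line in sssd_text.splitlines():
        m = SSSD_TS.match(line)
        if not m:
            continue  # continuation lines without a timestamp are skipped
        ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
        if abs(ts - when) <= timedelta(seconds=seconds):
            keep.append(line)
    return keep

if __name__ == "__main__":
    for ts, pid, user, code in find_denials(SECURE_LOG, 2018):
        print(f"{ts} sshd[{pid}] user={user} pam_code={code}")
        for line in sssd_window(SSSD_LOG, ts):
            print("    " + line)
```

Run the same window over both `sssd_pam.log` and `sssd_<domain>.log`, since the account-phase error returned to sshd may originate in the domain backend rather than the PAM responder.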