Hi guys.
This has puzzled me and left me clueless. It's a fresh new deployment and still only single master. Very first & only user and I cannot 'ssh' with password - but krb ticket I can obtain and 'ssh' with it successfully.
ssh logs:
..
pam_sss(sshd:auth): received for user bs58: 7 (Authentication failure)
..
with in: /etc/sssd/sssd.conf
[pam]
debug_level=9
only fail/error/warn in sssd_pam.log is:
..
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] service: sshd
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] tty: ssh
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] ruser: not set
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] rhost: 10.0.0.16
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] authtok type: 1 (Password)
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] newauthtok type: 0 (No authentication token available)
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] priv: 1
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] cli_pid: 25363
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] logon name: bs583
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] flags: 2
(2022-01-16 12:20:18): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2022-01-16 12:20:18): [pam] [sbus_dispatch] (0x4000): Dispatching.
(2022-01-16 12:20:18): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][ccn.private.com][CID #6]
(2022-01-16 12:20:18): [pam] [pam_reply] (0x4000): pam_reply initially called with result [7]: Authentication failure. this result might be changed during processing
(2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): blen: 43
(2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #6]
(2022-01-16 12:20:20): [pam] [client_recv] (0x0200): Client disconnected!
...
It's on Centos 8 with:
ipa-server-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64
sssd-ipa-2.5.2-2.el8_5.3.x86_64
krb5-libs-1.18.2-14.el8.x86_64
I've tried higher 'debug_level' for other bits in '/etc/sssd/sssd.conf' but there is nothing 'abnormal' there - or I've gone blind.
All & any suggestions on how to troubleshoot/fix this very much appreciated.
many thanks, L.
On Sun, Jan 16, 2022 at 12:50:28PM +0000, lejeczek via FreeIPA-users wrote:
> Hi guys.
> This has puzzled me and left me clueless. It's a fresh new deployment and still only single master. Very first & only user and I cannot 'ssh' with password - but krb ticket I can obtain and 'ssh' with it successfully.
> ssh logs:
> ..
> pam_sss(sshd:auth): received for user bs58: 7 (Authentication failure)
> ..
> with in: /etc/sssd/sssd.conf
> [pam]
> debug_level=9
> only fail/error/warn in sssd_pam.log is:
> ..
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] service: sshd
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] tty: ssh
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] ruser: not set
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] rhost: 10.0.0.16
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] authtok type: 1 (Password)
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] newauthtok type: 0 (No authentication token available)
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] priv: 1
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] cli_pid: 25363
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] logon name: bs583
> (2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] flags: 2
> (2022-01-16 12:20:18): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
> (2022-01-16 12:20:18): [pam] [sbus_dispatch] (0x4000): Dispatching.
> (2022-01-16 12:20:18): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][ccn.private.com][CID #6]
> (2022-01-16 12:20:18): [pam] [pam_reply] (0x4000): pam_reply initially called with result [7]: Authentication failure. this result might be changed during processing
Hi,
the above error is coming from the SSSD backend, please add 'debug_level=9' to the [domain/...] section in sssd.conf as well, restart SSSD and check the domain log file and krb5_child.log.
HTH
bye, Sumit
> (2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): blen: 43
> (2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #6]
> (2022-01-16 12:20:20): [pam] [client_recv] (0x0200): Client disconnected!
> ...
> It's on Centos 8 with:
> ipa-server-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64
> sssd-ipa-2.5.2-2.el8_5.3.x86_64
> krb5-libs-1.18.2-14.el8.x86_64
> I've tried higher 'debug_level' for other bits in '/etc/sssd/sssd.conf' but there is nothing 'abnormal' there - or I've gone blind.
> All & any suggestions on how to troubleshoot/fix this very much appreciated.
> many thanks, L.
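Added example, not part of the original thread and not SSSD project code: a small parser for the sssd_pam.log format quoted above that groups lines by client ID and reports requests whose failure code was handed back by the backend, which is the case where the reply above says to look at the domain log and krb5_child.log. The function name, the regular expressions and the "next_logs" field are assumptions made for this example; the sample lines are taken from the excerpt in the thread.

```python
import re
from collections import defaultdict

# Sample input: a subset of the sssd_pam.log lines quoted in the thread.
SAMPLE = """\
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] service: sshd
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] rhost: 10.0.0.16
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] authtok type: 1 (Password)
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID #6] logon name: bs583
(2022-01-16 12:20:18): [pam] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(2022-01-16 12:20:18): [pam] [pam_dp_send_req_done] (0x0200): received: [7 (Authentication failure)][ccn.private.com][CID #6]
(2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): Returning [7]: Authentication failure to the client [CID #6]
"""

LINE = re.compile(r"^\((?P<ts>[^)]+)\): \[pam\] \[(?P<func>\w+)\] \(0x[0-9a-f]+\): (?P<msg>.*)$")
FIELD = re.compile(r"^\[CID #(?P<cid>\d+)\] (?P<key>[a-z ]+): (?P<val>.*)$")
BACKEND = re.compile(r"^received: \[(?P<code>\d+) \((?P<text>[^)]*)\)\]\[(?P<domain>[^\]]+)\]\[CID #(?P<cid>\d+)\]")
WANTED = ("service", "rhost", "logon name", "authtok type")

def summarize_failures(log_text):
    """Group PAM responder lines by client ID (CID) and return the failed requests."""
    reqs = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a [pam] responder line in the expected layout
        func, msg = m["func"], m["msg"]
        if func == "pam_print_data" and (f := FIELD.match(msg)):
            if f["key"] in WANTED:
                reqs[f["cid"]][f["key"]] = f["val"]
        elif func == "pam_dp_send_req_done" and (b := BACKEND.match(msg)):
            # This line carries the result the data provider (backend) returned.
            reqs[b["cid"]].update(ts=m["ts"], code=int(b["code"]),
                                  error=b["text"], domain=b["domain"])
    failed = []
    for cid, r in sorted(reqs.items(), key=lambda kv: int(kv[0])):
        if r.get("code", 0) != 0:
            r["cid"] = int(cid)
            # Default SSSD log names under /var/log/sssd for the backend side.
            r["next_logs"] = [f"sssd_{r['domain']}.log", "krb5_child.log"]
            failed.append(r)
    return failed

if __name__ == "__main__":
    for failure in summarize_failures(SAMPLE):
        print(failure)
```
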