Hi guys
I have a fresh re/deployment and users cannot ssh with
passwords.
Snippets of some logs.
...
(2021-03-12 23:16:00): [be[priv.my.dom.private]] [remove_tree_with_ctx] (0x0020): Cannot open /var/lib/sss/deskprofile/priv.my.dom.private/me: [2]: No such file or directory
(2021-03-12 23:16:00): [be[priv.my.dom.private]] [remove_tree_with_ctx] (0x0020): Cannot open /var/lib/sss/deskprofile/priv.my.dom.private/me: [2]: No such file or directory
(2021-03-12 23:18:33): [be[priv.my.dom.private]] [krb5_auth_send] (0x0020): Illegal empty authtok for user [me(a)priv.my.dom.private]
(2021-03-12 23:27:56): [be[priv.my.dom.private]] [krb5_auth_send] (0x0020): Illegal empty authtok for user [me(a)priv.my.dom.private]
(2021-03-13 3:10:50): [be[priv.my.dom.private]] [sysdb_range_create] (0x0040): Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them.
(2021-03-13 7:10:50): [be[priv.my.dom.private]] [sysdb_range_create] (0x0040): Invalid range, skipping. Expected that either the secondary base RID or the SID of the trusted domain is set, but not both or none of them.
(2021-03-13 9:08:25): [be[priv.my.dom.private]] [krb5_auth_send] (0x0020): Illegal empty authtok for user [me(a)priv.my.dom.private]
(2021-03-13 9:28:16): [be[priv.my.dom.private]] [krb5_auth_send] (0x0020): Illegal empty authtok for user [me(a)priv.my.dom.private]
..
of krb5_child.log
..
ailed]
(2021-03-13 9:27:42): [krb5_child[77868]] [map_krb5_error] (0x0020): 1849: [-1765328353][Decrypt integrity check failed]
(2021-03-13 9:27:48): [krb5_child[77881]] [get_and_save_tgt] (0x0020): 1720: [-1765328353][Decrypt integrity check failed]
(2021-03-13 9:27:48): [krb5_child[77881]] [map_krb5_error] (0x0020): 1849: [-1765328353][Decrypt integrity check failed]
(2021-03-13 9:29:07): [krb5_child[78072]] [get_and_save_tgt] (0x0020): 1720: [-1765328353][Decrypt integrity check failed]
(2021-03-13 9:29:07): [krb5_child[78072]] [map_krb5_error] (0x0020): 1849: [-1765328353][Decrypt integrity check failed]
...
I'm on CentOS Stream with ipa-server-4.9.0.
The "funny" thing is that the very first domain deployment
worked, but I had 'idranges' created which I realized I
needed to be different. So I quickly 'uninstalled' and
started anew with '--idstart'.
But since then I 'uninstalled' again and again installed
without '--idstart'. At this point I can re-install no
matter how and the problem persists: ssh with password does
not work.
many thanks, L.