Check if your ssh client is configured with

GSSAPIAuthentikation=yes

(in /etc/ssh/ssh_config)

This is default in Ubuntu – you don’t write about your client

 

Best,

Longina

 

From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Johannes Ramm-Ericson
Sent: 3. juli 2014 16:57
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] SSSD & SSH on Ubuntu 14.04 - login failure

 

Hi,

Apologies for any naively stated questions but I am having trouble getting SSSD, Active Directory and SSH to interact as I expect on an Ubuntu 14.04 server. To be quite honest; I am not even certain that SSSD is the problem anymore since I seem to have successfully authenticated, it's just that my SSH session is interrupted with :


johannes@laplnxjohannes:~$ ssh  johannes@bifrost-test
Password:
Write failed: Broken pipe


Extract from /var/log/auth.log
------------------------------------------
Jul  3 14:49:58 bifrost-test sshd[10281]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=lichen user=johannes
Jul  3 14:49:58 bifrost-test sshd[10279]: Accepted keyboard-interactive/pam for johannes from 192.168.120.12 port 35886 ssh2
Jul  3 14:49:58 bifrost-test sshd[10279]: fatal: PAM: pam_setcred(): Failure setting user credentials

My /etc/nsswitch.conf
--------------------------------
passwd:         files sss
group:          files sss
shadow:         files sss

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
sudoers:        files

 

/etc/pam.d/common-session:
------------------------------------------
session    [default=1]            pam_permit.so
# here's the fallback if no module succeeds
session    requisite            pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session    required            pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional            pam_umask.so
# and here are more per-package modules (the "Additional" block)
session    required    pam_unix.so
session    optional            pam_sss.so
# end of pam-auth-update config

root@bifrost-test:/var/log/sssd# apt-cache policy sssd
sssd:
  Installed: 1.11.5-1ubuntu3

I have done my share of googling and only ended up with some very old - seemingly, irrelevant to my problem - page hits.

So, I've turned to this mailing list in hope of finding someone who may have encountered similar issues. Any ideas or suggestions?

Thanks and Best Regards,

Johannes