Check if your ssh client is configured with
GSSAPIAuthentikation=yes
(in /etc/ssh/ssh_config)
This is default in Ubuntu – you don’t write about your client
Best,
Longina
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org]
On Behalf Of Johannes Ramm-Ericson
Sent: 3. juli 2014 16:57
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] SSSD & SSH on Ubuntu 14.04 - login failure
Hi,
Apologies for any naively stated questions but I am having trouble getting SSSD, Active Directory and SSH to interact as I expect on an Ubuntu 14.04 server. To be quite honest; I am not even certain that SSSD
is the problem anymore since I seem to have successfully authenticated, it's just that my SSH session is interrupted with :
johannes@laplnxjohannes:~$ ssh johannes@bifrost-test
Password:
Write failed: Broken pipe
Extract from /var/log/auth.log
------------------------------------------
Jul 3 14:49:58 bifrost-test sshd[10281]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=lichen user=johannes
Jul 3 14:49:58 bifrost-test sshd[10279]: Accepted keyboard-interactive/pam for johannes from 192.168.120.12 port 35886 ssh2
Jul 3 14:49:58 bifrost-test sshd[10279]: fatal: PAM: pam_setcred(): Failure setting user credentials
My /etc/nsswitch.conf
--------------------------------
passwd: files sss
group: files sss
shadow: files sss
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
sudoers: files
/etc/pam.d/common-session:
------------------------------------------
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_sss.so
# end of pam-auth-update config
root@bifrost-test:/var/log/sssd# apt-cache policy sssd
sssd:
Installed: 1.11.5-1ubuntu3
I have done my share of googling and only ended up with some very old - seemingly, irrelevant to my problem - page hits.
So, I've turned to this mailing list in hope of finding someone who may have encountered similar issues. Any ideas or suggestions?
Thanks and Best Regards,
Johannes