Hi List,

 

I am running into a problem with pam_sss. It is unable to authenticate a user against AD via Kerberos.

Log files:

 

sssd_default.log:

(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x0100): No ccache file for user [ondrejv] found.

(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x4000): Ccache_file is [not set] and is not active and TGT is not valid.

 

Pam.log:

 

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [ondrejv] added to PAM initgroup cache

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: default

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): user: ondrejv

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: login03

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 27660

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x22b2a10

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417d60:3:ondrejv@default]

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x22b2a10

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x22b1f10

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [4][default]

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4].

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_reply] (0x0200): blen: 68

(Thu Sep 24 14:14:16 2015) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x22bcec0][18]

(Thu Sep 24 14:14:21 2015) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [ondrejv] removed from PAM initgroup cache

 

 

/var/log/authlog:

Sep 24 14:14:16 nitrogen sshd[27660]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=login03 user=ondrejv

Sep 24 14:14:16 nitrogen sshd[27660]: pam_sss(sshd:auth): received for user ondrejv: 4 (System error)

 

I am a bit lost here – not even friend Google helps. Does anyone know?

I can run ‘kinit <username>’ happily, so the Kerberos library seems to be configured fine. The system is Ubuntu 14.04.

 

Thanks,

Ondrej

 

 

 

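An added triage example, not part of the original post and not SSSD code: it pairs each request that the PAM responder dumps via pam_print_data with the following pam_reply result and names the Linux-PAM code, which separates a backend failure (4, as in the log above) from rejected credentials (7). The function name, the sample log lines and the user alice are constructed for illustration.

```python
import re

# Subset of Linux-PAM return codes that show up in SSSD responder logs.
PAM_CODES = {0: "PAM_SUCCESS", 4: "PAM_SYSTEM_ERR", 6: "PAM_PERM_DENIED",
             7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL", 10: "PAM_USER_UNKNOWN"}

# (timestamp) [sssd[pam]] [function] (0xLEVEL): message
LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[pam\]\] \[(?P<func>\w+)\] "
                  r"\(0x[0-9a-f]+\): (?P<msg>.*)$")
FIELD = re.compile(r"^(?P<key>[a-z_ ]+): (?P<val>.*)$")
RESULT = re.compile(r"pam_reply called with result \[(\d+)\]")

def parse_pam_requests(text):
    """Pair each request dumped by pam_print_data with its pam_reply result."""
    requests, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        func, msg = m["func"], m["msg"]
        if func == "pam_dp_send_req" and msg.startswith("Sending request"):
            current = {"started": m["ts"], "fields": {}}
        elif func == "pam_print_data" and current is not None:
            f = FIELD.match(msg)
            if f:
                current["fields"][f["key"]] = f["val"]
        elif func == "pam_reply" and current is not None:
            r = RESULT.search(msg)
            if r:  # other pam_reply lines (e.g. "blen: 68") are skipped
                code = int(r.group(1))
                current.update(code=code, name=PAM_CODES.get(code, "UNKNOWN"),
                               credential_failure=(code == 7))
                requests.append(current)
                current = None
    return requests

# Constructed sample in the format shown in the post (not real log data).
P = "(Thu Sep 24 14:14:16 2015) [sssd[pam]] "
SAMPLE = "\n".join(P + s for s in [
    "[pam_dp_send_req] (0x0100): Sending request with the following data:",
    "[pam_print_data] (0x0100): command: PAM_AUTHENTICATE",
    "[pam_print_data] (0x0100): user: alice",
    "[pam_print_data] (0x0100): service: sshd",
    "[pam_reply] (0x0200): pam_reply called with result [4].",
    "[pam_reply] (0x0200): blen: 68",
    "[pam_dp_send_req] (0x0100): Sending request with the following data:",
    "[pam_print_data] (0x0100): user: alice",
    "[pam_reply] (0x0200): pam_reply called with result [7].",
])

if __name__ == "__main__":
    for req in parse_pam_requests(SAMPLE):
        print(req["fields"].get("user"), req["code"], req["name"])
```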