Hi List,
I am running into problem with pam_sss. It is unable to authenticate user against AD via Kerberos.
Log files:
Sssd_default.log
(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x0100): No ccache file for user [ondrejv] found.
(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x4000): Ccache_file is [not set] and is not active and TGT is not valid.
Pam.log:
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [ondrejv] added to PAM initgroup cache
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: default
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): user: ondrejv
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: login03
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 27660
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x22b2a10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417d60:3:ondrejv@default]
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x22b2a10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x22b1f10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [4][default]
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4].
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_reply] (0x0200): blen: 68
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x22bcec0][18]
(Thu Sep 24 14:14:21 2015) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [ondrejv] removed from PAM initgroup cache
/var/log/authlog:
ep 24 14:14:16 nitrogen sshd[27660]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=login03 user=ondrejv
Sep 24 14:14:16 nitrogen sshd[27660]: pam_sss(sshd:auth): received for user ondrejv: 4 (System error)
I am bit lost here – neither friend Google helps. Does anyone know?
I can run ‘kinit <username>’ happily, so Kerberos library seems to be configured fine. System is Ubuntu 14.04.
Thanks,
Ondrej