Hi,
Apologies for any naively stated questions but I am having trouble getting
SSSD, Active Directory and SSH to interact as I expect on an Ubuntu 14.04
server. To be quite honest; I am not even certain that SSSD is the problem
anymore since I seem to have successfully authenticated, it's just that my
SSH session is interrupted with :
johannes@laplnxjohannes:~$ ssh johannes@bifrost-test
Password:
Write failed: Broken pipe
Extract from /var/log/auth.log
------------------------------------------
Jul 3 14:49:58 bifrost-test sshd[10281]: pam_sss(sshd:auth):
authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=lichen
user=johannes
Jul 3 14:49:58 bifrost-test sshd[10279]: Accepted keyboard-interactive/pam
for johannes from 192.168.120.12 port 35886 ssh2
Jul 3 14:49:58 bifrost-test sshd[10279]: fatal: PAM: pam_setcred():
Failure setting user credentials
My /etc/nsswitch.conf
--------------------------------
passwd: files sss
group: files sss
shadow: files sss
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
sudoers: files
/etc/pam.d/common-session:
------------------------------------------
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions
etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_sss.so
# end of pam-auth-update config
root@bifrost-test:/var/log/sssd# apt-cache policy sssd
sssd:
Installed: 1.11.5-1ubuntu3
I have done my share of googling and only ended up with some very old -
seemingly, irrelevant to my problem - page hits.
So, I've turned to this mailing list in hope of finding someone who may
have encountered similar issues. Any ideas or suggestions?
Thanks and Best Regards,
Johannes