id works, cannot auth though

I am no expert in LDAP; I have attached my system-auth file. It may help you, as it is working with my 389 server.

For SSSD setup, http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html could help you.


Thanks
Chandan

On Wednesday, January 9, 2013, Doug Tucker wrote:
I still can't seem to figure out how to import my groups to 389 from openldap, but the users transferred fine.  However, moving forward, I created a group manually in 389 and added my username to the group. Now from my client, if I do: id tuckerd, I get the results I'm looking for:

# id tuckerd
uid=4011(tuckerd) gid=500(seasadm) groups=500(seasadm)

However, attempts to log in at the console as tuckerd fail authentication.  On this client, in secure.log, I get this:


Jan  9 13:06:18 asteriskvm sshd[4546]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd
Jan  9 13:06:18 asteriskvm sshd[4546]: pam_sss(sshd:auth): received for user tuckerd: 4 (System error)
Jan  9 13:06:19 asteriskvm sshd[4546]: Failed password for tuckerd from 172.16.76.1 port 57093 ssh2
Jan  9 13:06:33 asteriskvm sshd[4546]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd
Jan  9 13:06:33 asteriskvm sshd[4546]: pam_sss(sshd:auth): received for user tuckerd: 9 (Authentication service cannot retrieve authentication info)
Jan  9 13:06:35 asteriskvm sshd[4546]: Failed password for tuckerd from 172.16.76.1 port 57093 ssh2
Jan  9 13:06:36 asteriskvm sshd[4547]: Connection closed by 172.16.76.1
Jan  9 13:06:36 asteriskvm sshd[4546]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd

I have changed the password in 389 for tuckerd and am confident it is being typed correctly.

[09/Jan/2013:13:10:48 -0600] conn=2458 fd=64 slot=64 connection from 129.119.103.59 to 129.119.113.231
[09/Jan/2013:13:10:48 -0600] conn=2458 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms defaultnamingcontext lastusn highestcommittedusn aci"
[09/Jan/2013:13:10:48 -0600] conn=2458 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 BIND dn="" method=128 version=3
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 SRCH base="dc=engr,dc=smu,dc=edu" scope=2 filter="(&(uid=tuckerd)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbprincipalname cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krblastpwdchange krbpasswordexpiration pwdAttribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap"
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Jan/2013:13:10:48 -0600] conn=2458 op=3 SRCH base="dc=engr,dc=smu,dc=edu" scope=2 filter="(&(memberUid=tuckerd)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" attrs="objectClass cn userPassword gidNumber memberUid modifyTimestamp modifyTimestamp"
[09/Jan/2013:13:10:48 -0600] conn=2458 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U,P
[09/Jan/2013:13:10:48 -0600] conn=2459 fd=65 slot=65 connection from 129.119.103.59 to 129.119.113.231
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[09/Jan/2013:13:10:48 -0600] conn=2459 op=-1 fd=65 closed error 34 (Numerical result out of range) - B2

Which has to be the most cryptic error logging I've ever seen :). Can anyone help me make sense of this and what it means?

--
Sincerely,

Doug Tucker

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
http://about.me/chandank
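
An added example (not part of the original messages): a small Python reader for the 389 access-log lines quoted above that pairs each request with its RESULT and names the codes involved. The OID 1.3.6.1.4.1.1466.20037 is the LDAP StartTLS extended operation and err=2 is protocolError (RFC 4511); the function names `parse` and `findings` are made up for this example.

```python
import re
# LDAP result codes and the StartTLS extended-operation OID (RFC 4511).
RESULT_CODES = {0: "success", 2: "protocolError", 49: "invalidCredentials"}
EXT_OIDS = {"1.3.6.1.4.1.1466.20037": "StartTLS"}
LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\S+) ?(.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Lines taken from the excerpt in the post; the long attrs="..." lists are dropped.
SAMPLE = '''\
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 BIND dn="" method=128 version=3
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 SRCH base="dc=engr,dc=smu,dc=edu" scope=2 filter="(&(uid=tuckerd)(objectClass=posixAccount))"
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[09/Jan/2013:13:10:48 -0600] conn=2459 fd=65 slot=65 connection from 129.119.103.59 to 129.119.113.231
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 RESULT err=2 tag=120 nentries=0 etime=0
[09/Jan/2013:13:10:48 -0600] conn=2459 op=-1 fd=65 closed error 34 (Numerical result out of range) - B2
'''

def parse(log):
    """Pair every request with its RESULT, keyed by (conn, op)."""
    ops = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection-open lines have no op= field
        key, verb = (int(m[1]), int(m[2])), m[3]
        args = {k: quoted or bare for k, quoted, bare in KV.findall(m[4])}
        if verb == "RESULT" and key in ops:
            ops[key]["err"] = int(args["err"])
        elif verb.isupper() and verb != "RESULT":
            ops[key] = {"verb": verb, "args": args, "err": None}
    return ops

def findings(ops):
    """Report anonymous simple binds (method=128, empty dn), failed requests, missing user bind."""
    out = []
    for (conn, op), o in sorted(ops.items()):
        args = o["args"]
        if o["verb"] == "BIND" and args.get("dn") == "" and args.get("method") == "128":
            out.append(f"conn={conn} op={op}: anonymous simple bind")
        if o["err"]:
            what = EXT_OIDS.get(args.get("oid"), o["verb"])
            code = RESULT_CODES.get(o["err"], "unlisted code")
            out.append(f"conn={conn} op={op}: {what} failed, err={o['err']} ({code})")
    if not any(o["verb"] == "BIND" and o["args"].get("dn") for o in ops.values()):
        out.append("no BIND with a user DN in this excerpt")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse(SAMPLE))))
```

On the quoted excerpt the only failed request is the StartTLS on conn=2459, and no BIND carrying the user's DN follows it.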
