Hi guys.
This have puzzled my and left clueless.
It's a fresh new deployment and still only single master.
Very first & only user and I cannot 'ssh' with password -
but krb ticket I can obtain and 'ssh' with it successfully.
ssh logs:
..
pam_sss(sshd:auth): received for user bs58: 7
(Authentication failure)
..
with in: /etc/sssd/sssd.conf
[pam]
debug_level=9
only fail/error/warn in sssd_pam.log is:
..
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] service: sshd
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] tty: ssh
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] ruser: not set
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] rhost: 10.0.0.16
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] authtok type: 1 (Password)
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] newauthtok type: 0 (No authentication token available)
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] priv: 1
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] cli_pid: 25363
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] logon name: bs583
(2022-01-16 12:20:18): [pam] [pam_print_data] (0x0100): [CID
#6] flags: 2
(2022-01-16 12:20:18): [pam] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(2022-01-16 12:20:18): [pam] [sbus_dispatch] (0x4000):
Dispatching.
(2022-01-16 12:20:18): [pam] [pam_dp_send_req_done]
(0x0200): received: [7 (Authentication
failure)][ccn.private.com][CID #6]
(2022-01-16 12:20:18): [pam] [pam_reply] (0x4000): pam_reply
initially called with result [7]: Authentication failure.
this result might be changed during processing
(2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): blen: 43
(2022-01-16 12:20:18): [pam] [pam_reply] (0x0200): Returning
[7]: Authentication failure to the client [CID #6]
(2022-01-16 12:20:20): [pam] [client_recv] (0x0200): Client
disconnected!
...
It's on Centos 8 with:
ipa-server-4.9.6-10.module_el8.5.0+1055+c415bbe9.x86_64
sssd-ipa-2.5.2-2.el8_5.3.x86_64
krb5-libs-1.18.2-14.el8.x86_64
I've tried higher 'debug_level' for other bits in
'/etc/sssd/sssd.conf' but there it nothing 'abnormal' there
- or I've gone blind.
All & any suggestions on how to troubleshoot/fix this very
much appreciated.
many thanks, L.