> Lukas Slebodnik <lslebodn@redhat.com> wrote on 14 November 2016 at 11:36:
>
>
> On (14/11/16 11:34), Ronny Forberger wrote:
> >> Lukas Slebodnik <lslebodn@redhat.com> wrote on 14 November 2016 at 10:04:
> >>
> >>
> >> On (13/11/16 16:03), ronnyforberger@ronnyforberger.de wrote:
> >> >I found out, that /var/run/sss needed mode 0755.
> >> >
> >> >But I still cannot use passwords.
> >> >My /etc/pam.d/system looks like the following:
> >> >
> >> What do you mean by cannot use password?
> >> How do you authenticate ssh (or login on tty)?
> >> Are you able to resolve user with "getent passwd" or "id"?
> >I cannot login using password or use sudo using password. Neither by ssh nor
> >by login on tty.
> >
> >I can see the users through getent passwd and id.
> >
> >The debug log of pam_sssd.so says:
> >
> >
> >Nov 13 17:31:59 macy sudo: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
> >pam_sm_authenticate(): authentication error
> >Nov 13 17:32:01 macy su: in openpam_dispatch(): calling pam_sm_setcred() in
> >/usr/local/lib/pam_sss.so
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_SERVICE
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_USER
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_TTY
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RUSER
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RHOST
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_AUTHTOK
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_OLDAUTHTOK
> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in pam_set_data(): entering: 'pam_sss:fd_destructor'
> >Nov 13 17:32:01 macy su: in pam_set_data(): returning PAM_SUCCESS
> >Nov 13 17:32:01 macy su: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
> >pam_sm_setcred(): success
> >
> Those messages are from syslog.
> You need to find a problem in sssd logs.
> https://fedorahosted.org/sssd/wiki/Troubleshooting
Ok, here is the PAM log from sssd:

(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [rf@ronnyforberger.de]
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: ronnyforberger.de
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ronnyforberger.de]
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [rf@ronnyforberger.de]
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: ronnyforberger.de
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ronnyforberger.de]
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: rf
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32830
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [rf@ronnyforberger.de]
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: ronnyforberger.de
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: rf
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32830
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [9][ronnyforberger.de]
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: rf
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32830
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [rf@ronnyforberger.de]
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: ronnyforberger.de
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: rf
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32830
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Nov 14 17:06:46 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [9][ronnyforberger.de]
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_cmd_setcred] (0x0100): entering pam_cmd_setcred
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [rf@ronnyforberger.de]
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: ronnyforberger.de
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): user: rf
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ronnyforberger.de]

Best regards,

Ronny


>
> LS
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
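
Added example, not part of the original message or of SSSD itself: a small parser that pairs each request the PAM responder forwards (pam_dp_send_req) with the status in the following pam_dp_process_reply line, so the failing PAM step stands out. The names parse_requests and failures are hypothetical, the sample is trimmed from the log above, and the pairing assumes request/reply blocks do not interleave.

```python
import re

# Excerpt trimmed from the sssd PAM responder log quoted above: three forwarded
# requests, each reduced to the fields this parser reads.
SAMPLE_LOG = """\
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ronnyforberger.de]
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32830
(Mon Nov 14 17:06:43 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [9][ronnyforberger.de]
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_SETCRED
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 32816
(Mon Nov 14 17:06:49 2016) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][ronnyforberger.de]
"""

LINE_RE = re.compile(r"^\(([^)]*)\) \[sssd\[pam\]\] \[(\w+)\] \(0x[0-9a-fA-F]+\): (.*)$")
REPLY_RE = re.compile(r"^received: \[(\d+)[^\]]*\]\[([^\]]*)\]$")

def parse_requests(text):
    # Hypothetical helper; assumes send_req..reply blocks do not interleave.
    requests, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, func, msg = m.groups()
        if func == "pam_dp_send_req":
            current = {"time": ts}  # start of a forwarded request
        elif func == "pam_print_data" and current is not None:
            key, sep, value = msg.partition(": ")
            if sep:
                current[key] = value
        elif func == "pam_dp_process_reply" and current is not None:
            reply = REPLY_RE.match(msg)
            if reply:
                current["status"] = int(reply.group(1))
                requests.append(current)
                current = None
    return requests

def failures(requests):
    return [r for r in requests if r["status"] != 0]
```

The status is a numeric PAM return code; the numbering differs between Linux-PAM and OpenPAM, so look the value up in the PAM headers of the host that produced the log.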