On (24/09/15 18:04), Sumit Bose wrote:
On Thu, Sep 24, 2015 at 01:58:34PM +0000, Ondrej Valousek wrote:
> Hi List,
>
> I am running into problem with pam_sss. It is unable to authenticate user against AD
via Kerberos.
> Log files:
>
> Sssd_default.log
> (Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x0100): No ccache
file for user [ondrejv] found.
> (Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x4000): Ccache_file
is [not set] and is not active and TGT is not valid.
Those messages are expected info messages, they do not indicate an
error. Do you have any content in the krb5_child.log ? Feel free to
forward the full logs to me directly.
bye,
Sumit
>
> Pam.log:
>
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [ondrejv]
added to PAM initgroup cache
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request
with the following data:
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): command:
PAM_AUTHENTICATE
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: default
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): user: ondrejv
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: login03
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 27660
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x22b2a10
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 0
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting
request: [0x417d60:3:ondrejv@default]
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x22b2a10
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x22b1f10
> (Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Sep 24 14:14:16 2015) [sssd[pam]]
> [pam_dp_process_reply] (0x0100): received: [4][default]
> (Thu Sep 24 14:14:16 2015) [sssd[pam]]
> [pam_reply] (0x0200): pam_reply called with result [4].
^^
pam responder received
PAM_SYSTEM_ERR from default domain
The debug mesasge is improved in newer sssd.
Which version of sssd do you use?
I agree with Sumit. We will need to see the krb5_child.log
(log file from default domain might be useful as well)
LS