Hi,

 

Yesterday we migrated our dev servers to IPA – to help in the migration, I enabled the allow_all HBAC rule, but despite that, some users get this message:

 

Jul 29 15:56:23 el4966 sshd[98029]: Postponed keyboard-interactive for id094844 from 81.245.6.11 port 35552 ssh2 [preauth]

Jul 29 15:56:49 el4966 sshd[98034]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=el1921.bc user=id094844

Jul 29 15:56:49 el4966 sshd[98034]: pam_sss(sshd:auth): received for user id094844: 6 (Permission denied)         < -----  This

Jul 29 15:56:52 el4966 sshd[98029]: error: PAM: Authentication failure for id094844 from el1921.bc

Jul 29 15:56:52 el4966 sshd[98029]: Failed keyboard-interactive/pam for id094844 from 81.245.6.11 port 35552 ssh2

Jul 29 15:56:58 el4966 sshd[98029]: Postponed keyboard-interactive for id094844 from 81.245.6.11 port 35552 ssh2 [preauth]

Jul 29 15:57:00 el4966 sshd[98029]: Connection closed by 81.245.6.11 port 35552 [preauth]

 

These are external (AD) users. Weird thing: not all users have this and not everywhere… I tried to remove the LDAP filter on the IPA server -> same thing… I’m running out of ideas…

 

Thanks for your help!

 

S. Toulmonde


Sensitivity: Internal Use Only

This e-mail cannot be used for other purposes than Proximus business use. See more on https://www.proximus.be/maildisclaimer