Hi Lukas,
The debugging tips are really helpful for troubleshooting. I got a lot of errors like "pam_sss(sshd:auth): received for user nick: 9 (Authentication service cannot retrieve authentication info)". It turned out that I used LDAP (without SSL), which sssd does not support any more (http://www.linuxquestions.org/questions/linux-enterprise-47/rhel-6-ldap-now-requires-tls-843917/#post4521478) for security reasons. After enabling SSL for my OpenLDAP server, things work now.
Thanks very much.
Thanks & Best Regards!
         ///
        (. .)
--------ooO--(_)--Ooo--------
|         Nick Tan          |
------------------------------------
On Sat, Jun 28, 2014 at 1:33 AM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (28/06/14 00:03), XuQing Tan wrote:
Hi folks
I set up sssd 1.9.2 on CentOS 6 x64. I can get the user info via 'id <user>'. I can su to that user as root (no password prompt since I'm root):
[root@nick-ldap ~]# su - nick
-sh-4.1$ exit
logout
root can switch to another user without being prompted for a password (pam_sss was not involved). It is the default behaviour. I am not a PAM expert, but it should be caused by the next line in /etc/pam.d/su:
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
But I can't su to this user as non-root (with a password prompt, but I get an incorrect password error):
[root@nick-ldap ~]# su - demo
[demo@nick-ldap ~]$ su - nick
Password:
su: incorrect password
There are two explanations: a) you used the wrong password. b) there is some problem with the sssd configuration.
In the second case, put "debug_level = 7" into the pam and domain sections in sssd.conf; restart sssd; reproduce the problem; and try to analyse the log files in /var/log/sssd. If you don't find the root of the problem, please send sanitised log files to the mailing list.
LS
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
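
The two explanations given in the thread (wrong password versus an sssd/backend problem) can be told apart from the PAM return code in pam_sss log lines such as the one quoted in the reply. The following is an added example, not code from the thread or from the SSSD project; the function names and the sample log lines are constructed for illustration, and the numeric codes are the Linux-PAM values.

```python
import re
from collections import defaultdict

# Linux-PAM return codes used for triage (assumption: Linux-PAM numbering).
PAM_AUTH_ERR = 7           # credentials rejected -> explanation (a), wrong password
PAM_AUTHINFO_UNAVAIL = 9   # backend could not be used -> explanation (b)
PAM_USER_UNKNOWN = 10      # user not known to the backend

# Matches the pam_sss message format quoted in the thread:
#   pam_sss(sshd:auth): received for user nick: 9 (Authentication service ...)
LINE_RE = re.compile(
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): "
    r"received for user (?P<user>[^:\s]+): (?P<code>\d+) \((?P<text>[^)]*)\)"
)

CATEGORY = {PAM_AUTH_ERR: "credentials",
            PAM_AUTHINFO_UNAVAIL: "backend",
            PAM_USER_UNKNOWN: "unknown-user"}

def triage(lines):
    """Return {(service, user): {category: count}} for pam_sss result lines."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a pam_sss result line
        category = CATEGORY.get(int(m["code"]), "other")
        summary[(m["service"], m["user"])][category] += 1
    return {key: dict(counts) for key, counts in summary.items()}

def needs_sssd_debug(summary):
    """(service, user) pairs with backend failures: raise debug_level and read /var/log/sssd."""
    return sorted(key for key, counts in summary.items() if counts.get("backend"))

# Constructed sample lines in /var/log/secure style (not taken from a real host).
SAMPLE = [
    "Jun 28 00:01:02 nick-ldap sshd[2101]: pam_sss(sshd:auth): received for user nick: 9 (Authentication service cannot retrieve authentication info)",
    "Jun 28 00:01:09 nick-ldap sshd[2104]: pam_sss(sshd:auth): received for user nick: 9 (Authentication service cannot retrieve authentication info)",
    "Jun 28 00:02:30 nick-ldap su: pam_sss(su-l:auth): received for user nick: 7 (Authentication failure)",
    "Jun 28 00:03:00 nick-ldap sshd[2110]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for key, counts in sorted(report.items()):
        print(key, counts)
    print("check sssd logs for:", needs_sssd_debug(report))
```

A user whose failures are all "credentials" points to explanation (a); any "backend" count points to explanation (b), which is what the plain-LDAP setup in this thread produced.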