On (24/09/15 18:04), Sumit Bose wrote:
On Thu, Sep 24, 2015 at 01:58:34PM +0000, Ondrej Valousek wrote:
Hi List,
I am running into a problem with pam_sss. It is unable to authenticate a user against AD via Kerberos. Log files:
Sssd_default.log
(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x0100): No ccache file for user [ondrejv] found.
(Thu Sep 24 14:14:16 2015) [sssd[be[default]]] [krb5_auth_send] (0x4000): Ccache_file is [not set] and is not active and TGT is not valid.
Those messages are expected info messages; they do not indicate an error. Do you have any content in the krb5_child.log? Feel free to forward the full logs to me directly.
bye, Sumit
Pam.log:
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [ondrejv] added to PAM initgroup cache
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): domain: default
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): user: ondrejv
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): rhost: login03
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 27660
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x22b2a10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417d60:3:ondrejv@default]
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x22b2a10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x22b1f10
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [4][default]
(Thu Sep 24 14:14:16 2015) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4].
^^ pam responder received PAM_SYSTEM_ERR from default domain
The debug message is improved in newer sssd.
Which version of sssd do you use? I agree with Sumit. We will need to see the krb5_child.log (log file from default domain might be useful as well).
LS
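
The triage step discussed in this thread (reading the numeric result in `pam_reply` as a PAM return code) can be scripted. The following is an added example, not part of the original messages or of SSSD itself: it splits SSSD debug output into entries even when line breaks were lost, then pairs each `pam_print_data` block with the `pam_reply` result that follows. The function names are hypothetical, the code table is a subset of the Linux-PAM return codes, and the sample is excerpted from the pam log quoted above.

```python
import re

# Linux-PAM return codes (security/_pam_types.h); subset useful for auth triage.
PAM_CODES = {
    0: "PAM_SUCCESS", 4: "PAM_SYSTEM_ERR", 6: "PAM_PERM_DENIED",
    7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL", 10: "PAM_USER_UNKNOWN",
}

# Header of one SSSD debug entry: (timestamp) [process] [function] (level):
HEADER = re.compile(
    r"\((?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]?\d \d\d:\d\d:\d\d \d{4})\) "
    r"\[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] \((?P<level>0x[0-9a-f]{4})\): "
)

def parse_entries(text):
    """Split a log into entries, even when several entries share one line."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({**m.groupdict(), "msg": text[m.end():end].strip()})
    return entries

def summarize_pam_requests(text):
    """Pair each pam_print_data block with the pam_reply result that follows."""
    requests, current = [], {}
    for e in parse_entries(text):
        if e["func"] == "pam_print_data":
            key, _, value = e["msg"].partition(": ")
            current[key] = value
        elif e["func"] == "pam_reply":
            code = re.search(r"result \[(\d+)\]", e["msg"])
            if code and current:
                n = int(code.group(1))
                name = PAM_CODES.get(n, "UNKNOWN(%d)" % n)
                current.update(result=n, result_name=name, ts=e["ts"])
                requests.append(current)
                current = {}
    return requests

# Sample: entries excerpted from the pam log quoted above, joined onto one line.
P = "(Thu Sep 24 14:14:16 2015) [sssd[pam]] "
SAMPLE = "".join(P + s + " " for s in [
    "[pam_print_data] (0x0100): command: PAM_AUTHENTICATE",
    "[pam_print_data] (0x0100): domain: default",
    "[pam_print_data] (0x0100): user: ondrejv",
    "[pam_print_data] (0x0100): service: sshd",
    "[pam_dp_process_reply] (0x0100): received: [4][default]",
    "[pam_reply] (0x0200): pam_reply called with result [4].",
])
```

Calling `summarize_pam_requests()` on the contents of the pam responder log gives one record per request, so a failed login can be matched by timestamp against the domain log and krb5_child.log.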