[CentOS] ldap host attribute is ignored

Ulrich Hiller hiller at mpia-hd.mpg.de
Tue May 12 13:25:23 UTC 2015


> 
> After that you'll probably have to turn up logging in sssd and check its
> logs to see what it's doing.

I have set logging in sssd to 9:
cache_credentials = true
debug_level = 9

I first tried a user with the correct host attribute, then a user
without the host attribute. The output in the logfiles is the same.

Note: USER is not a local user. Without the correct LDAP password the user
cannot log in.

User with correct host attribute
--------------------------------
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): command: PAM_SETCRED
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): domain: default
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): user: USER
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): service: sshd
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): tty: ssh
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): ruser:
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): rhost: myhost.mydomain.com
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): authtok type: 0
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): priv: 0
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): cli_pid: 5921
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): logon name: not set



journalctl:
May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:auth): unrecognized
ENCRYPT_METHOD value [DES]
May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=myhost.mydomain.com  user=USER
May 12 13:16:36 localhost sshd[5917]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost.mydomain.com
user=USER
May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:account):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:16:36 localhost sshd[5917]: Accepted password for USER from
999.999.999.999 port 33399 ssh2
May 12 13:16:36 localhost systemd[1]: Starting user-501.slice.
May 12 13:16:36 localhost systemd[1]: Created slice user-501.slice.
May 12 13:16:36 localhost systemd[1]: Starting Session 24 of user USER.
May 12 13:16:36 localhost systemd[1]: Started Session 24 of user USER.
May 12 13:16:36 localhost systemd-logind[601]: New session 24 of user USER.
May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:session):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:16:36 localhost sshd[5917]: pam_unix(sshd:session): session
opened for user USER by (uid=0)
May 12 13:16:40 localhost sshd[5921]: Received disconnect from
999.999.999.999: 11: disconnected by user
May 12 13:16:40 localhost sshd[5917]: pam_unix(sshd:session):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:16:40 localhost sshd[5917]: pam_unix(sshd:session): session
closed for user USER
May 12 13:16:40 localhost systemd-logind[601]: Removed session 24.




User without host attribute:
----------------------------
sssd.log:

(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): command: PAM_CLOSE_SESSION
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): domain: default
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): user: USER
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): service: sshd
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): tty: ssh
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): ruser:
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): rhost: myhost.mydomain.com
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): authtok type: 0
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): priv: 1
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): cli_pid: 6051
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): logon name: not set



journalctl:
May 12 13:27:44 localhost sshd[6051]: pam_unix(sshd:auth): unrecognized
ENCRYPT_METHOD value [DES]
May 12 13:27:44 localhost sshd[6051]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=myhost.mydomain.com  user=USER
May 12 13:27:44 localhost sshd[6051]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost.mydomain.com
user=USER
May 12 13:27:44 localhost sshd[6051]: pam_unix(sshd:account):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:27:44 localhost sshd[6051]: Accepted password for USER from
999.999.999.999 port 33417 ssh2
May 12 13:27:44 localhost systemd[1]: Created slice user-501.slice.
May 12 13:27:44 localhost systemd[1]: Starting Session 26 of user USER.
May 12 13:27:44 localhost systemd[1]: Started Session 26 of user USER.
May 12 13:27:44 localhost systemd-logind[601]: New session 26 of user USER.
May 12 13:27:44 localhost sshd[6051]: pam_unix(sshd:session):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:27:44 localhost sshd[6051]: pam_unix(sshd:session): session
opened for user USER by (uid=0)
May 12 13:27:46 localhost sshd[6053]: Received disconnect from
999.999.999.999: 11: disconnected by user
May 12 13:27:46 localhost sshd[6051]: pam_unix(sshd:session):
unrecognized ENCRYPT_METHOD value [DES]
May 12 13:27:46 localhost sshd[6051]: pam_unix(sshd:session): session
closed for user USER
May 12 13:27:46 localhost systemd-logind[601]: Removed session 26.


Does this give anyone a clue? Where else can I look?

With kind regards, ulrich
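
Added example, not part of the original message: the two sssd.log excerpts above record different PAM commands (PAM_SETCRED and PAM_CLOSE_SESSION), so this sketch re-joins the wrapped debug lines and lists which PAM commands the backend logged for a user. The label `PAM_ACCT_MGMT` for the account stage and all helper names are assumptions; the sample lines are constructed in the shape quoted in the post.

```python
import re

# Constructed sample: wrapped pam_print_data lines in the shape quoted in the post.
SAMPLE = """\
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): command: PAM_SETCRED
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): user: USER
(Tue May 12 13:16:36 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): cli_pid: 5921
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): command: PAM_CLOSE_SESSION
(Tue May 12 13:27:46 2015) [sssd[be[default]]] [pam_print_data]
(0x0100): user: USER
"""

# Assumption: label sssd prints for the PAM account stage, where access rules apply.
ACCOUNT_CMD = "PAM_ACCT_MGMT"
LINE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[[^\]]*\]\]\] \[pam_print_data\] "
    r"\(0x[0-9a-fA-F]+\): (?P<key>[^:]+):\s*(?P<val>.*)$")

def unwrap(text):
    """Re-join lines that a mail client wrapped before the '(0x....)' level tag."""
    out = []
    for line in text.splitlines():
        if line.startswith("(0x") and out:
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line.strip())
    return out

def pam_requests(text):
    """Return one dict per logged PAM request; a 'command' field starts a new one."""
    reqs = []
    for line in unwrap(text):
        m = LINE.match(line)
        if not m:
            continue
        key, val = m["key"].strip(), m["val"].strip()
        if key == "command":
            reqs.append({"time": m["ts"]})
        if reqs:
            reqs[-1][key] = val
    return reqs

def account_phase_seen(reqs, user):
    """True if any logged request for `user` is an account-stage request."""
    return any(r.get("user") == user and r.get("command") == ACCOUNT_CMD for r in reqs)
```

Run `pam_requests()` over the full domain log for one login attempt per user; comparing excerpts is only meaningful when both show the same PAM command.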


