[Freeipa-users] Password failing for sudo-ldap authentication only from one host
David Sastre
d.sastre.medina at gmail.com
Thu Sep 27 06:18:21 UTC 2012
On Wed, Sep 26, 2012 at 11:08 PM, David Sastre Medina <
d.sastre.medina at gmail.com> wrote:
> On Wed, Sep 26, 2012 at 03:06:40PM -0400, Rob Crittenden wrote:
> > David Sastre wrote:
> > > [big snip]
> > Does sssd work on this machine otherwise? getent passwd <foo>, you
> > can log into the console as the user, or perhaps kinit to the user?
>
It looks like sssd is operating correctly
$ getent passwd dsastrem
dsastrem:*:1543400001:1543400001:David Sastre
Medina:/home/dsastrem:/bin/rbash
I can also kinit w/o problems:
$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)
$ kinit dsastrem
Password for dsastrem at SOME.DOMAIN.COM:
$ klist
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: dsastrem at SOME.DOMAIN.COM
I can log in using ssh, and the log shows:
debug1: Authentication succeeded (gssapi-with-mic).
Valid starting Expires Service principal
09/27/12 07:59:36 09/28/12 07:59:36 krbtgt/SOME.DOMAIN.COM at SOME.DOMAIN.COM
renew until 09/28/12 08:01:20
Yet, sudo fails to authenticate me:
dsastrem at obelix ~
$ sudo ip addr show
[sudo] password for dsastrem:
Sorry, try again.
[sudo] password for dsastrem:
Sorry, try again.
[sudo] password for dsastrem:
sudo: 2 incorrect password attempts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120927/34400b01/attachment.htm>
More information about the Freeipa-users
mailing list