[Freeipa-users] error install replication

Dmitri Pal dpal at redhat.com
Mon Feb 9 14:31:57 UTC 2015


On 02/09/2015 08:34 AM, alireza baghery wrote:
> yes try "ssh admin at hostname" but do not work
> ====log secure-====
>
> Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): 
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
> rhost=10.30.160.20  user=admin
> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication 
> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 
> user=admin
> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access 
> denied for user admin: 6 (Permission denied)
> Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 
> 10.30.160.20 port 52123 ssh2
> Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user 
> admin by PAM account configuration
>

Do you have HBAC rules? Does admin have the rights to log in via SSH?
If you changed the default rules, it might be that admin is not allowed 
to log in via SSH.

>
> On Mon, Feb 9, 2015 at 3:20 PM, Martin Kosek <mkosek at redhat.com 
> <mailto:mkosek at redhat.com>> wrote:
>
>     Did you try the "ssh admin@`hostname`" command? It should show if
>     ssh to admin
>     via SSSD&FreeIPA really works.
>
>     On 02/09/2015 11:18 AM, alireza baghery wrote:
>     > account admin recognize and show uid gid and groups
>     > On Feb 9, 2015 1:42 PM, "Martin Kosek" <mkosek at redhat.com
>     <mailto:mkosek at redhat.com>> wrote:
>     >
>     >> Ok. When on the server, does
>     >>
>     >> # id admin
>     >>
>     >> or "ssh admin@`hostname`" work? Maybe it does not recognize the
>     admin
>     >> user.
>     >>
>     >> On 02/09/2015 09:29 AM, alireza baghery wrote:
>     >>> ipasrv# Service SSSD status
>     >>> sssd is runing
>     >>> nevertheless i restart service sssd
>     >>> but problem do not solved
>     >>>
>     >>> On Mon, Feb 9, 2015 at 11:19 AM, Martin Kosek
>     <mkosek at redhat.com <mailto:mkosek at redhat.com>> wrote:
>     >>>
>     >>>> On 02/09/2015 07:42 AM, alireza baghery wrote:
>     >>>>> i check on both server ssh each other's name and ssh
>     successful and
>     >>>> resolve
>     >>>>> name was also correct on each server
>     >>>>> but i can not login with user admin from ipareplica via ssh
>     >>>> (root at ipareplica]#
>     >>>>> ssh admin at ipasrv ===> failed)
>     >>>>>
>     >>>>> [root at ipareplica ~]# ssh ipasrv
>     >>>>> root at ipasrv's password:
>     >>>>> Last login: Mon Feb  9 09:49:54 2015 from 10.30.160.20
>     >>>>> =====log /var/secure====
>     >>>>> Feb  9 09:50:29 ipasrv sshd[12076]: Accepted password for
>     root from
>     >>>>> 10.30.160.20 port 52110 ssh2
>     >>>>> Feb  9 09:50:29 ipasrv sshd[12076]: pam_unix(sshd:session):
>     session
>     >>>> opened
>     >>>>> for user root by (uid=0)
>     >>>>> =====
>     >>>>> [root at ipasrv ~]# ssh ipareplica
>     >>>>> root at ipareplica's password:
>     >>>>> Last login: Mon Feb  9 09:50:20 2015 from 10.30.160.19
>     >>>>>
>     >>>>> ======
>     >>>>> [root at ipareplica ~]# nslookup ipasrv
>     >>>>> Server:         10.30.160.19
>     >>>>> Address:        10.30.160.19#53
>     >>>>>
>     >>>>> Name:   ipasrv
>     >>>>> Address: 10.30.160.19
>     >>>>>
>     >>>>> ========
>     >>>>> [root at ipasrv ~]# nslookup ipareplica
>     >>>>> Server:         127.0.0.1
>     >>>>> Address:        127.0.0.1#53
>     >>>>>
>     >>>>> Name:   ipareplica
>     >>>>> Address: 10.30.160.20
>     >>>>> =========
>     >>>>
>     >>>> Ok, so ssh is running, you can log in with root. I think that
>     by 99%
>     >>>> chance,
>     >>>> your SSSD service is not running on the IPA server. Please
>     check if this
>     >>>> is the
>     >>>> case and if yes, please try to (re)start it. If that helped,
>     it would be
>     >>>> also
>     >>>> useful to see *why* the SSSD is not running (crash,
>     misconfiguration,
>     >> ...)
>     >>>>
>     >>>> Martin
>     >>>>
>     >>>
>     >>>
>     >>>
>     >>
>     >>
>     >
>
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
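
Added example (not part of the original message, and not FreeIPA or SSSD code): a small triage of the secure-log excerpt quoted above. It separates a credential failure from an account-phase denial such as the one pam_sss reports here. The function name `triage` and the verdict labels are assumptions made for this illustration; the sample is the thread's log with the mail line-wrapping rejoined.

```python
import re
from collections import defaultdict

# Log excerpt quoted in the thread, with the mail line-wrapping rejoined.
SAMPLE_LOG = """\
Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20  user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)
Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 10.30.160.20 port 52123 ssh2
Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by PAM account configuration
"""

PAM_LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<mod>pam_\w+)\(sshd:(?P<phase>\w+)\): (?P<msg>.*)")
USER = re.compile(r"\buser[= ](?P<user>[\w.@-]+)")

def triage(log_text):
    """Classify each sshd login attempt (keyed by PID) from its PAM messages."""
    events = defaultdict(
        lambda: {"user": None, "auth_ok": [], "auth_fail": [], "denied": []})
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue  # non-PAM sshd lines ("Failed password ...") name no PAM phase
        ev, msg = events[m["pid"]], m["msg"]
        u = USER.search(msg)
        if u:
            ev["user"] = u["user"]
        if m["phase"] == "auth" and msg.startswith("authentication success"):
            ev["auth_ok"].append(m["mod"])
        elif m["phase"] == "auth" and msg.startswith("authentication failure"):
            ev["auth_fail"].append(m["mod"])
        elif m["phase"] == "account" and "denied" in msg.lower():
            ev["denied"].append(m["mod"])
    for ev in events.values():
        if ev["denied"]:
            # The account (access-control) phase refused the login.
            ev["verdict"] = "authorization"
        elif ev["auth_fail"] and not ev["auth_ok"]:
            ev["verdict"] = "authentication"  # no module accepted the credentials
        else:
            ev["verdict"] = "no-denial"
    return dict(events)

if __name__ == "__main__":
    for pid, ev in triage(SAMPLE_LOG).items():
        print(pid, ev["user"], ev["verdict"], "denied by:", ev["denied"])
```

For the thread's log this reports an "authorization" verdict with pam_sss as the denying module: the password was accepted and the refusal came from the account phase, which is where HBAC is evaluated. `ipa hbactest` can then evaluate the rules for that user, host and the sshd service.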
