Hello Guys, I have problems FreeIPA-client configuration. I have following errors in my /var/log/messages, when I try login by freeipa account:


Code:
Dec  2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from 192.168.0.159
Dec  2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: invalid user admin [preauth]
Dec  2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
Dec  2 18:21:24 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]




Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.159 user=admin
Dec  2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received for user admin: 10 (User not known to the underlying authentication module)
Dec  2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known to the underlying authentication module for illegal user admin from 192.168.0.159
Dec  2 18:21:41 linux-l3wy sshd[12481]: Failed keyboard-interactive/pam for invalid user admin from 192.168.0.159 port 38175 ssh2
Dec  2 18:21:41 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]




Dec  2 18:21:50 linux-l3wy sshd[12481]: Connection closed by 192.168.0.159 [preauth]

My installed packages
sssd-ldap-1.11.2-110.6.x86_64
sssd-ipa-1.11.2-110.6.x86_64
sssd-1.11.2-110.6.x86_64
sssd-tools-1.11.2-110.6.x86_64
sssd-krb5-common-1.11.2-110.6.x86_64


My config files
/etc/sssd/sssd.conf
Code:
debug_level=9
[domain/example.com]


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client1.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2


domains = example.com
[nss]


[pam]


[sudo]


[autofs]


[ssh]


[pac]
/etc/krb5.conf
Code:
[libdefaults]
  default_realm = EXAMPLE.COM
  #dns_lookup_realm = false
  #dns_lookup_kdc = false
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  #allow_weak_crypto = true


[realms]
  example.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    #kdc = ipa.example.com:88
    #admin_server = ipa.example.com:749
    #default_domain = example.com
  }


[domain_realm]
  .example.com = example.COM
  example.com = example.COM


[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
/etc/openldap/ldap.conf
Code:
URI ldaps://ipa.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/ipa/ca.crt
/etc/nsswitch.conf
Code:
passwd:    compat sss
shadow:    compat sss
group:    compat sss


hosts:    files dns
networks:    files dns


services:    files
protocols:    files
rpc:    files
ethers:    files
netmasks:    files
netgroup:    files sss
publickey:    files


bootparams:    files
automount:    files nis
aliases:    files
grep sss /etc/pam.d/*
Code:
/etc/pam.d/common-account:account    required    pam_sss.so    use_first_pass    
/etc/pam.d/common-account-pc:account    required    pam_sss.so    use_first_pass    
/etc/pam.d/common-auth:auth    required    pam_sss.so    use_first_pass    
/etc/pam.d/common-auth-pc:auth    required    pam_sss.so    use_first_pass    
/etc/pam.d/common-password:password    required    pam_sss.so    use_authtok
/etc/pam.d/common-password-pc:password    required    pam_sss.so    use_authtok
/etc/pam.d/common-session:session    optional    pam_sss.so    
/etc/pam.d/common-session-pc:session    optional    pam_sss.so

Could you help me fix it please?


PS. Excuse me for my english.