Hello guys, I have a problem with my FreeIPA client configuration. I get the following errors in my /var/log/messages when I try to log in with a FreeIPA account:
Dec 2 18:21:24 linux-l3wy sshd[12481]: Invalid user admin from 192.168.0.159
Dec 2 18:21:24 linux-l3wy sshd[12481]: input_userauth_request: invalid user admin [preauth]
Dec 2 18:21:24 linux-l3wy sssd_be: No worthy mechs found
Dec 2 18:21:24 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.159 user=admin
Dec 2 18:21:41 linux-l3wy sshd[12484]: pam_sss(sshd:auth): received for user admin: 10 (User not known to the underlying authentication module)
Dec 2 18:21:41 linux-l3wy sshd[12481]: error: PAM: User not known to the underlying authentication module for illegal user admin from 192.168.0.159
Dec 2 18:21:41 linux-l3wy sshd[12481]: Failed keyboard-interactive/pam for invalid user admin from 192.168.0.159 port 38175 ssh2
Dec 2 18:21:41 linux-l3wy sshd[12481]: Postponed keyboard-interactive for invalid user admin from 192.168.0.159 port 38175 ssh2 [preauth]
Dec 2 18:21:50 linux-l3wy sshd[12481]: Connection closed by 192.168.0.159 [preauth]
My installed packages
sssd-ldap-1.11.2-110.6.x86_64
sssd-ipa-1.11.2-110.6.x86_64
sssd-1.11.2-110.6.x86_64
sssd-tools-1.11.2-110.6.x86_64
sssd-krb5-common-1.11.2-110.6.x86_64
My config files
/etc/sssd/sssd.conf
# SSSD client configuration for the IPA domain example.com, as pasted.
# NOTE(review): as pasted, debug_level sits before every [section] header. SSSD reads
# debug_level per section, so confirm which section it belongs to in the real file.
# Level 9 is very verbose; lower it again once troubleshooting is finished.
debug_level=9
[domain/example.com]
# Keep a hashed copy of user credentials in the local SSSD cache so logins can work offline.
cache_credentials = True
# While the provider is offline, hold the user's password so a TGT can be requested once
# it is back online. The password is kept in the kernel keyring in the meantime, so this
# should be a deliberate choice.
krb5_store_password_if_offline = True
ipa_domain = example.com
# Identity lookups, authentication, access control and password changes all use the IPA provider.
id_provider = ipa
auth_provider = ipa
access_provider = ipa
# Host name this client presents to IPA.
# NOTE(review): the log lines in this post show the machine as linux-l3wy; confirm
# that the host is enrolled under client1.example.com.
ipa_hostname = client1.example.com
chpass_provider = ipa
# _srv_ asks SSSD to discover servers through DNS SRV records first; ipa.example.com is the fallback.
ipa_server = _srv_, ipa.example.com
# CA certificate used to verify the IPA server's TLS certificate.
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
# Responders listed here: nss, pam and ssh. The [sudo], [autofs] and [pac] sections below
# exist but are not listed in services.
services = nss, pam, ssh
config_file_version = 2
domains = example.com
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
/etc/krb5.conf
# Kerberos client configuration, as pasted.
[libdefaults]
default_realm = EXAMPLE.COM
#dns_lookup_realm = false
#dns_lookup_kdc = false
# Realm and KDC are located through DNS. The explicit kdc/admin_server lines in [realms]
# are commented out, so Kerberos depends on the DNS records for this realm being correct.
dns_lookup_realm = true
dns_lookup_kdc = true
# Do not use reverse DNS when canonicalizing service host names.
rdns = false
ticket_lifetime = 24h
forwardable = yes
# Left commented out, so weak encryption types are not explicitly enabled here.
#allow_weak_crypto = true
[realms]
# NOTE(review): Kerberos realm names are case-sensitive. "example.COM" here and in
# [domain_realm] does not match default_realm = EXAMPLE.COM above. Confirm whether this
# is only an artifact of anonymizing the post or is present in the real file.
example.COM = {
# Trust anchor for PKINIT: the IPA CA certificate.
pkinit_anchors = FILE:/etc/ipa/ca.crt
#kdc = ipa.example.com:88
#admin_server = ipa.example.com:749
#default_domain = example.com
}
[domain_realm]
# Maps DNS names to a realm; the realm spelling must match the [realms] entry exactly.
.example.com = example.COM
example.com = example.COM
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
/etc/openldap/ldap.conf
# Defaults for OpenLDAP client tools and library: connect to the IPA server over LDAPS.
URI ldaps://ipa.example.com
BASE dc=example,dc=com
# CA certificate used to verify the LDAP server's TLS certificate.
TLS_CACERT /etc/ipa/ca.crt
/etc/nsswitch.conf
# Name service switch: local (compat) sources are consulted first, then SSSD (sss).
# NOTE(review): sshd logging "Invalid user admin" suggests the passwd lookup returned no
# entry for admin, i.e. the sss source did not resolve the IPA user. Checking
# `getent passwd admin` on the client would confirm this.
passwd: compat sss
shadow: compat sss
group: compat sss
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files sss
publickey: files
bootparams: files
# automount does not consult sss here.
automount: files nis
aliases: files
grep sss /etc/pam.d/*
/etc/pam.d/common-account:account required pam_sss.so use_first_pass
/etc/pam.d/common-account-pc:account required pam_sss.so use_first_pass
/etc/pam.d/common-auth:auth required pam_sss.so use_first_pass
/etc/pam.d/common-auth-pc:auth required pam_sss.so use_first_pass
/etc/pam.d/common-password:password required pam_sss.so use_authtok
/etc/pam.d/common-password-pc:password required pam_sss.so use_authtok
/etc/pam.d/common-session:session optional pam_sss.so
/etc/pam.d/common-session-pc:session optional pam_sss.so
Could you help me fix it please?
P.S. Please excuse my English.