Fedora 21 pam_sss authentication failure - permission denied


I found the solution to the problem. By running sssd -i -d 4 and trying to log in on a different console, I saw that START TLS was where the login failed. Apparently Red Hat and Fedora by default use TLS. The server does not have TLS (we don't have enough time right now). To disable TLS edit /etc/sysconfig/authconfig on the client machine and update FORCELEGACY=no to FORCELEGACY=yes.

Credit to http://www.linuxquestions.org/questions/linux-enterprise-47/rhel-6-ldap-now-requires-tls-843917/

(Thank you Andy for trying to help!)
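Added example, not code from this thread or from authconfig, SSSD or pam_ldap: a small Python audit that reads the two files the answer edits, /etc/sysconfig/authconfig and /etc/sssd/sssd.conf, and reports whether bind passwords will now leave the client unencrypted. It encodes the rule behind the failure: SSSD's LDAP auth provider issues STARTTLS before binding unless every ldap_uri is ldaps:// or ldap_auth_disable_tls_never_use_in_production is set, while FORCELEGACY=yes makes authconfig hand authentication to pam_ldap/nss_ldap instead, whose own encryption setting is the `ssl start_tls` (or `ssl on`) line in ldap.conf/nslcd.conf. The file contents, domain name and addresses are constructed samples; point the functions at the real files to audit a host.

```python
"""Audit an authconfig/SSSD client for cleartext LDAP binds.

Added example, not code from the thread above. It checks the same two
settings the answer touches: FORCELEGACY in /etc/sysconfig/authconfig and
the LDAP domain in /etc/sssd/sssd.conf. Inputs below are constructed
samples; read the real files to audit a host.
"""
import configparser


def parse_sysconfig(text):
    """Parse KEY=value lines (the /etc/sysconfig/authconfig format) into a dict."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')
    return values


def legacy_tls_enabled(text):
    """True if a pam_ldap ldap.conf / nslcd.conf excerpt encrypts binds:
    'ssl start_tls' (STARTTLS), 'ssl on' (LDAPS) or only ldaps:// URIs."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key = tokens[0].lower()
        if key == "ssl" and len(tokens) > 1 and tokens[1].lower() in ("start_tls", "on"):
            return True
        if key == "uri" and len(tokens) > 1 and all(u.lower().startswith("ldaps://") for u in tokens[1:]):
            return True
    return False


def audit(authconfig_text, sssd_text, legacy_ldap_text=""):
    """Return findings as (severity, message) tuples, the FORCELEGACY finding first."""
    findings = []
    settings = parse_sysconfig(authconfig_text)
    if settings.get("FORCELEGACY", "no").lower() == "yes":
        # FORCELEGACY=yes makes authconfig configure nss_ldap/pam_ldap instead of SSSD,
        # so SSSD's STARTTLS-before-bind rule no longer protects the password.
        if legacy_tls_enabled(legacy_ldap_text):
            findings.append(("OK", "FORCELEGACY=yes, but the pam_ldap/nslcd config enables STARTTLS or ldaps://"))
        else:
            findings.append(("HIGH", "FORCELEGACY=yes and no 'ssl start_tls' or ldaps:// URI: pam_ldap sends bind passwords in cleartext"))

    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(sssd_text)
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        # auth_provider defaults to id_provider when it is not set explicitly
        id_provider = cfg.get(section, "id_provider", fallback="")
        if cfg.get(section, "auth_provider", fallback=id_provider).lower() != "ldap":
            continue
        uris = [u.strip() for u in cfg.get(section, "ldap_uri", fallback="").split(",") if u.strip()]
        tls_disabled = cfg.getboolean(section, "ldap_auth_disable_tls_never_use_in_production", fallback=False)
        if uris and all(u.lower().startswith("ldaps://") for u in uris):
            findings.append(("OK", f"{section}: every ldap_uri is ldaps://, binds are encrypted"))
        elif tls_disabled:
            findings.append(("HIGH", f"{section}: ldap_auth_disable_tls_never_use_in_production is set, bind passwords go in cleartext"))
        else:
            findings.append(("INFO", f"{section}: SSSD sends STARTTLS before binding; a server without TLS yields pam_sss 'Permission denied'"))
    return findings


# Constructed samples: the state the answer above leaves the client in.
SAMPLE_AUTHCONFIG = """\
USELDAP=yes
USELDAPAUTH=yes
FORCELEGACY=yes
"""
SAMPLE_SSSD = """\
[sssd]
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://192.0.2.10:389/
ldap_search_base = dc=example,dc=com
"""
SAMPLE_LEGACY_LDAP = """\
# constructed nslcd.conf excerpt with no ssl line
uri ldap://192.0.2.10:389/
base dc=example,dc=com
"""

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_AUTHCONFIG, SAMPLE_SSSD, SAMPLE_LEGACY_LDAP):
        print(f"[{severity}] {message}")
```

On the sample input the audit reports HIGH: with FORCELEGACY=yes and no `ssl start_tls` line, the workaround trades a failed login for a password crossing the network in the clear. The INFO finding is what the original configuration produces, and it names the symptom from the question, so the same script explains the failure and the cost of the fix.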



Joel May

Updated on September 18, 2022

Comments

  • Joel May
    Joel May almost 2 years

    We have configured an OpenLDAP server which is working fine. FreeBSD, Debian, and a WordPress plugin authenticate with no problems. We are configuring Fedora 21 with pam_sss, but we get the following error in /var/log/secure:

    Mar  1 00:15:00 www sshd[1176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.100.16.39  user={REDACTED}
    Mar  1 00:15:00 www sshd[1176]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.100.16.39 user={REDACTED}
    Mar  1 00:15:00 www sshd[1176]: pam_sss(sshd:auth): received for user {REDACTED}: 6 (Permission denied)
    

    getent passwd {REDACTED} returns

    {REDACTED}:*:1000:500:{REDACTED (full user name)}:/home/users/{REDACTED}:
    

    The command I ran to configure the client is

    authconfig --enableldap --enableldapauth --ldapserver='ldap://{REDACTED (IP)}:389/' --ldapbasedn='dc={REDACTED},dc={REDACTED},dc=com' --enablemkhomedir --enableshadow  --update
    

    We have searched online for information about this specific error (the combination of authentication failure and 6 (Permission denied)), but have not found any instances where it has been solved.

    • Andy
      Andy over 9 years
      Authconfig tries so hard to obfuscate a lot of disparate configs, and adds its own. Try instead of "--enableldap --enableldapauth" the unintuitive "--disableldap --disableldapauth --enablesssd --enablesssdauth". Can you post your /etc/sssd/sssd.conf?
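Added example, not part of the thread: a Python parser for the /var/log/secure lines quoted in the question, so this failure can be triaged (or alerted on) from the log rather than read by eye. It joins pam_sss's `received for user X: N (...)` line to the preceding `authentication failure` line from the same sshd PID, which is the line that carries the client address, and names the PAM return code: 6 is PAM_PERM_DENIED, the code in the question, while 7 (PAM_AUTH_ERR) is what an ordinary wrong password produces. The log lines, usernames and addresses are constructed.

```python
"""Parse pam_sss failures out of /var/log/secure and summarise them.

Added example, not code from the thread. Log lines below are constructed.
"""
import re
from collections import Counter

# Linux-PAM return codes as pam_sss logs them in "received for user X: N (...)"
PAM_CODES = {
    4: "PAM_SYSTEM_ERR",
    6: "PAM_PERM_DENIED",        # the code in the question
    7: "PAM_AUTH_ERR",           # plain wrong password
    9: "PAM_AUTHINFO_UNAVAIL",
    10: "PAM_USER_UNKNOWN",
    11: "PAM_MAXTRIES",
}

# syslog prefix, process[pid], then "pam_<module>(<service>): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<module>pam_\w+)\((?P<service>[^)]+)\): (?P<msg>.*)$"
)
# "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=A.B.C.D user=name"
# \b keeps "user=" from matching inside "ruser="
FAIL_RE = re.compile(r"authentication failure;.*\brhost=(?P<rhost>\S*).*\buser=(?P<user>\S+)")
RECV_RE = re.compile(r"received for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]+)\)")


def parse_secure(text):
    """Return one record per pam_sss 'received for user' line, with the
    rhost taken from the preceding 'authentication failure' line of the same PID."""
    pending = {}   # pid -> rhost from the latest pam_sss failure line for that pid
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["module"] != "pam_sss":
            continue   # pam_unix and other modules are not our concern here
        fail = FAIL_RE.search(m["msg"])
        if fail:
            pending[m["pid"]] = fail["rhost"]
            continue
        recv = RECV_RE.search(m["msg"])
        if recv:
            code = int(recv["code"])
            records.append({
                "ts": m["ts"],
                "pid": m["pid"],
                "user": recv["user"],
                "rhost": pending.pop(m["pid"], ""),   # "" when no failure line preceded it
                "code": code,
                "pam": PAM_CODES.get(code, f"PAM_{code}"),
                "text": recv["text"],
            })
    return records


def summarize(records):
    """Count failures per (user, rhost, PAM code name)."""
    return Counter((r["user"], r["rhost"], r["pam"]) for r in records)


# Constructed sample: the pattern from the question plus an ordinary bad password
SAMPLE_SECURE = """\
Mar  1 00:15:00 www sshd[1176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=alice
Mar  1 00:15:00 www sshd[1176]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=alice
Mar  1 00:15:00 www sshd[1176]: pam_sss(sshd:auth): received for user alice: 6 (Permission denied)
Mar  1 00:16:12 www sshd[1190]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.9 user=bob
Mar  1 00:16:12 www sshd[1190]: pam_sss(sshd:auth): received for user bob: 7 (Authentication failure)
Mar  1 00:17:30 www sshd[1204]: pam_sss(sshd:auth): received for user alice: 6 (Permission denied)
"""

if __name__ == "__main__":
    for (user, rhost, pam), n in summarize(parse_secure(SAMPLE_SECURE)).most_common():
        print(f"{n:3d}  {pam:<20} user={user} rhost={rhost or '-'}")
```

The distinction the summary draws is the useful one when reading this log: a client-side configuration problem like the one in this thread returns PAM_PERM_DENIED for every user regardless of password, whereas PAM_AUTH_ERR is the code a correct configuration returns for a wrong password. Run it against the real file with `parse_secure(open("/var/log/secure").read())`.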