Hello,
I am hoping somebody here can help me. I am trying to authenticate with kerberos. If I use kinit I get a valid ticket if I try
sssctl user-checks -a=auth robin
I get
user: robin@xxx.yyy.zzz
action: auth
service: system-auth
SSSD nss user lookup result:
- user name: robin
- user id: 5001
- group id: 5001
- gecos: robin
- home directory: /home/robin
- shell: /bin/bash
SSSD InfoPipe user lookup result:
- name: robin
- uidNumber: 5001
- gidNumber: 5001
- gecos: robin
- homeDirectory: /home/robin
- loginShell: /bin/bash
testing pam_authenticate
Password:
pam_authenticate for user [robin@xxx.yyyy.zzz]: Authentication failure
PAM Environment:
- KRB5CCNAME=KCM:
My configuration file fore sssd is the following
[sssd]
config_file_version = 2
domains = xxx.yyy.zzz
services = nss, pam
[domain/xxx.yyy.zzz]
debug_level = 5
id_provider = ldap
ldap_uri = ldap://server.xxx.yyy.zzz
ldap_search_base = dc=xxx,dc=yyy,dc=zzz
ldap_schema = rfc2307bis
auth_provider = krb5
krb5_server = server.xxx.yyyy.zzz:88
krb5_kpasswd = server.xxx.yyy.zzz
krb5_realm = XXX.YYY.ZZZ
krb5_map_user = robin:robin
chpass_provider = none
[kcm]
[secrets]
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
Actual domain was replaced by xxx.yyy.zzz. I am using Fedora 32 and have no more ideas how to fix the problem and would appreciate any help and hints you can give me.
Thank you
Robin
). I need a kerberos ticket for the user for a nfs share and ssh.