LINUX.ORG.RU

Unable to log in


Astra is joined to the domain. The id command returns info on the user, but it does not let the domain user into the domain: there is a delay and it says access denied

in the logs:

 sshd[11320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=*.*.*.*  user=user_ya
Apr 29 15:16:47 server1 sshd[11320]: Failed password for user_ya from *.*.*.* port 54974 ssh2


Last edited by: Dimez (total edits: 7)
In reply to: comment by bigbit
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=ignore default=2]      pam_localuser.so
auth    [success=1 default=ignore]      pam_succeed_if.so quiet user ingroup astra-admin
auth    [success=ignore default=die]    pam_tally.so per_user deny=8
auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_sss.so use_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

this is how I have it configured

NovenkiiYa
() topic author
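The control values in the common-auth file posted above decide which modules a login actually reaches. As an added example (not part of the thread or of any participant's post), here is a simplified Python model of that jump logic; `run_stack` and the scenario names are hypothetical and the module outcomes are supplied as assumptions. It shows that for a non-local account pam_tally is skipped and a pam_unix failure is always followed by a pam_sss attempt.

```python
# Added example: simplified model of how Linux-PAM walks the posted auth stack.
# Only the actions this file uses are modelled: ignore, die, ok, bad and "jump N".
STACK = [  # (module, action on PAM_SUCCESS, action on any other result)
    ("pam_localuser",  "ignore", 2),
    ("pam_succeed_if", 1,        "ignore"),
    ("pam_tally",      "ignore", "die"),
    ("pam_unix",       2,        "ignore"),
    ("pam_sss",        1,        "ignore"),
    ("pam_deny",       "ok",     "die"),   # requisite
    ("pam_permit",     "ok",     "bad"),   # required
]
ALWAYS = {"pam_deny": False, "pam_permit": True}  # modules with a fixed result

def run_stack(results):
    """results maps module name -> True (PAM_SUCCESS) or False (any error).
    Returns (granted, [modules actually called])."""
    status, called, i = None, [], 0
    while i < len(STACK):
        name, on_success, on_other = STACK[i]
        ok = ALWAYS.get(name, results.get(name, False))
        action = on_success if ok else on_other
        called.append(name)
        if action == "die":
            return False, called
        if action == "bad":
            status = False
        elif action == "ok" and status is None:
            status = True
        elif isinstance(action, int):
            i += action  # a jump skips modules and sets no result of its own
        i += 1
    return status is True, called

# Constructed scenarios (assumed module outcomes, not taken from the thread's hosts).
DOMAIN_USER_SSSD_ERROR = {"pam_localuser": False, "pam_unix": False, "pam_sss": False}
DOMAIN_USER_SSSD_OK = {"pam_localuser": False, "pam_unix": False, "pam_sss": True}
LOCAL_USER_GOOD_PASSWORD = {"pam_localuser": True, "pam_succeed_if": False,
                            "pam_tally": True, "pam_unix": True}

if __name__ == "__main__":
    for label, scenario in [("domain user, pam_sss fails", DOMAIN_USER_SSSD_ERROR),
                            ("domain user, pam_sss succeeds", DOMAIN_USER_SSSD_OK),
                            ("local user, correct password", LOCAL_USER_GOOD_PASSWORD)]:
        granted, called = run_stack(scenario)
        print(f"{label}: {'granted' if granted else 'denied'} via {' -> '.join(called)}")
```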
In reply to: comment by bigbit

My apologies

I don't even have time to enter the password and it's already access denied

Apr 29 17:13:20 server2 sshd[12076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=... user=kruchin
Apr 29 17:13:21 server2 sshd[12076]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=... user=kruchin
Apr 29 17:13:21 server2 sshd[12076]: pam_sss(sshd:auth): received for user kruchin: 4 (System error)
Apr 29 17:13:23 server2 sshd[12076]: Failed password for kruchin from ... port 60552 ssh2
NovenkiiYa
() topic author
In reply to: comment by bigbit

so far I have found this repetition there:

(2025-04-29 16:39:15): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key ':1.3' from table
(2025-04-29 16:39:15): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key 'sssd.pam' from table
(2025-04-29 16:39:15): [sssd] [monitor_sbus_RegisterService] (0x0100): Received ID registration: (pam,1)
(2025-04-29 16:39:15): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key ':1.4' from table
(2025-04-29 16:39:15): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key 'sssd.nss' from table
(2025-04-29 16:39:15): [sssd] [monitor_sbus_RegisterService] (0x0100): Received ID registration: (nss,1)
(2025-04-29 17:13:21): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key ':1.5' from table
(2025-04-29 17:13:21): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key 'sssd.pac' from table
(2025-04-29 17:13:21): [sssd] [monitor_sbus_RegisterService] (0x0100): Received ID registration: (pac,1)
(2025-04-29 17:20:51): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key ':1.5' from table
(2025-04-29 17:23:31): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key ':1.6' from table
(2025-04-29 17:23:31): [sssd] [sss_ptr_hash_delete] (0x0020): Unable to remove key 'sssd.pac' from table
(2025-04-29 17:23:31): [sssd] [monitor_sbus_RegisterService] (0x0100): Received ID registration: (pac,1)
NovenkiiYa
() topic author
July 2, 2025
In reply to: comment by NovenkiiYa

Anyway, the situation now is this: id for the user works; klist: No credentials cache found (filename: /tmp/krb5cc_0); if I run kinit, it gets a ticket; on an attempt to log in as a domain user: Preauthentication failed Cannot find key for HTTP/ kvno 14 in keytab

NovenkiiYa
() topic author