IPA user cannot log in after changing their uid and gid

Solution Verified - Updated -

Issue

  • Kerberos cache problem with IPA
  • One IPA server and a few other hosts acting as IPA clients in the same VLAN. Rebooted one of the hosts, and that is where the problem began. Cannot log on with valid credentials to that one IPA client host. However, other IPA client hosts can log on (directly with PuTTY or from another box), including the IPA server as well. Able to access the IPA Identity Management web interface as well as admin privileges from a browser. Can manipulate ID.
  • Can access the host in question from another host in the same IPA domain by just doing ssh. But not directly (PuTTY SSH login does not work).
  • We have several IPA deployments and now want to standardize the uid and gid of IPA users across all of them. In this particular case, we have an IPA server running on RHEL 6.2, with ipa packages version ipa-server-2.1.3-9.el6.x86_64, and an IPA client also running RHEL 6.2 with ipa package ipa-client-2.1.3-9.el6.x86_64.
  • We changed the ipa user uid and gid with the following command:
 ipa user-mod --uid=xxxxxxxx --gidnumber=xxxxxxxx xxxxxxx
  • After that we changed the owner of the home directory, but we are still not able to log in. We are trying to log in using ssh locally, and these are the messages shown in /var/log/secure on the IPA client:
Jan 15 16:14:12  sshd[21731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=xxxxxxx
Jan 15 16:14:12  sshd[21731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=xxxxxxx
Jan 15 16:14:12  sshd[21731]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=xxxxxxx
Jan 15 16:14:12  sshd[21731]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=xxxxxxx
Jan 15 16:14:12  sshd[21731]: pam_sss(sshd:auth): received for user xxxxxxx: 4 (System error)
Jan 15 16:14:12  sshd[21731]: pam_sss(sshd:auth): received for user xxxxxxx: 4 (System error)
Jan 15 16:14:15  sshd[21731]: Failed password for xxxxxxx from 127.0.0.1 port 42506 ssh2
Jan 15 16:14:15  sshd[21731]: Failed password for xxxxxxx from 127.0.0.1 port 42506 ssh2

Environment

  • Red Hat Enterprise Linux 6
