This is also happening to me from time to time. But in my case, I added users through Qluman, as described in the docs. These are the last lines of the /var/log/auth.log file on the FE node, right after the login attempt.
...
sshd[9118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.159 user=********* sshd[9118]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.159 user=********* sshd[9118]: pam_sss(sshd:auth): received for user *********: 7 (Authentication failure) sshd[9118]: Failed password for ********* from 10.0.2.159 port 40398 ssh2
I've omitted the username and the timestamps and hostname columns from the lines above. Does anyone have any clue what might be going on? Do I need to show anything else?
--- Qlustar Version: *12* Head-Node Kernel Version: *5.13.19-051319-generic* QluMan Server Version: *12.0.7.5* Image (FE) Kernel Version: *5.4.209-ql-generic-12.0-19* Image (FE) Version: *Qlustar 12.0.1.0-b548f1441*
"B" == Beethoven Santos thovensantos@gmail.com writes:
Hi Santos,
B> This is also happening to me from time to time. But in my case, I B> added users through Qluman, as described in the docs. These are B> the last lines of the /var/log/auth.log file on the FE node, B> right after the login attempt.
B> ... sshd[9118]: pam_unix(sshd:auth): authentication failure; B> logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.159 B> user=********* sshd[9118]: pam_sss(sshd:auth): B> authentication failure; logname= uid=0 euid=0 tty=ssh ruser= B> rhost=10.0.2.159 user=********* sshd[9118]: B> pam_sss(sshd:auth): received for user *********: 7 B> (Authentication failure) sshd[9118]: Failed password for B> ********* from 10.0.2.159 port 40398 ssh2
B> I've omitted the username and the timestamps and hostname columns B> from the lines above. Does anyone have any clue what might be B> going on? Do I need to show anything else?
we have observed this recently as well. It is possibly connected to the LDAP password policy by which a number of false pwd attempts lead to a lockout. You can manually edit the relevant settings, using ldapvi (install per apt on the head-node).
$ ldapvi -Z -D cn=admin,$(awk '/BASE/ {print $2}' /etc/ldap/ldap.conf)
with the password written in /etc/qlustar/qluman/ldap.cf (adminpwd).
The relevant object is cn=ppolicy,ou=policies where you can redefine
pwdInHistory pwdMaxFailure pwdFailureCountInterval pwdLockoutDuration
You can check the general OpenLDAP docs for the meaning of these parameters.
Best,
Roland