CentOS requires entering password twice for sudo, login

Solution 1:

I don't have enough rep to comment, it seems, so this is a bit of a shot-in-the-dark attempt at an answer.

pam_ldap: ldap_starttls_s: Operations error

I have to wonder if this part of your log is indicating the culprit. My suspicion is that your LDAP config is mishandling TLS in some way that causes the connection to fail.

Notice the responses from each module:

pam_ldap: ldap_starttls_s: Operations error
pam_sss(sshd:account): Access denied for user matt: 10 (User not known to the underlying authentication module)
pam_unix(sshd:session): session opened for user matt by (uid=0)

So what we have here is LDAP saying it failed due to an error, SSS saying it doesn't know who you are, and local auth reporting success.

Directions to consider:

  1. Are there any errors in the ldap server logs?
  2. If possible, can you disable TLS and see if that works?
  3. Does ldapsearch work?
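To make the "look at what each module says" step of this answer repeatable, here is an added triage script (not part of the original answer or of pam_ldap/sssd) that parses PAM lines from a CentOS /var/log/secure, tags each one with module, PAM stage and a coarse verdict, and reports the pattern the answer points at: a directory-backed module (pam_ldap, pam_sss) failing or denying while pam_unix still reports success. The sample log is constructed for the example: the three pam_* messages are the ones quoted above, but the timestamps, host name `web1` and PID `2314` are invented, and the verdict keywords in `classify` are my own choice of heuristics.

```python
import re
from collections import defaultdict

# Constructed sample in the style of CentOS /var/log/secure. The three pam_*
# messages are the ones quoted in the answer; the syslog prefix, host name
# and PID are made up for this example.
SAMPLE_LOG = """\
Jun  3 10:12:01 web1 sshd[2314]: pam_ldap: ldap_starttls_s: Operations error
Jun  3 10:12:07 web1 sshd[2314]: pam_sss(sshd:account): Access denied for user matt: 10 (User not known to the underlying authentication module)
Jun  3 10:12:07 web1 sshd[2314]: pam_unix(sshd:session): session opened for user matt by (uid=0)
"""

# Syslog prefix, then either "pam_mod(service:stage): msg" or the bare
# "pam_mod: msg" form that pam_ldap uses for LDAP library errors.
PAM_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>\S+?)\[(?P<pid>\d+)\]: "
    r"(?P<module>pam_\w+)(?:\((?P<service>\w+):(?P<stage>\w+)\))?: (?P<msg>.*)$"
)
USER_RE = re.compile(r"\buser[= ](?P<user>[\w.-]+)")

DIRECTORY_MODULES = {"pam_ldap", "pam_sss"}
LOCAL_MODULES = {"pam_unix"}


def classify(msg):
    """Map a PAM message to a coarse verdict (heuristic keywords, assumed)."""
    low = msg.lower()
    if "starttls" in low or "operations error" in low:
        return "tls_error"
    if "access denied" in low or "authentication failure" in low:
        return "denied"
    if "session opened" in low or "session closed" in low or "accepted" in low:
        return "ok"
    return "info"


def parse_pam_lines(text):
    """Return one dict per PAM module line; non-PAM lines are skipped."""
    events = []
    for line in text.splitlines():
        m = PAM_RE.match(line)
        if not m:
            continue  # sshd's own messages, cron, etc.
        ev = m.groupdict()  # stage/service stay None for bare pam_ldap errors
        ev["verdict"] = classify(ev["msg"])
        u = USER_RE.search(ev["msg"])
        ev["user"] = u.group("user") if u else None
        events.append(ev)
    return events


def starttls_errors(events):
    """Lines where the LDAP client could not complete StartTLS, i.e. the
    evidence behind the answer's suspicion about the TLS configuration."""
    return [e for e in events if e["verdict"] == "tls_error"]


def fallthrough_report(events):
    """Per process: directory modules that errored or denied while a local
    module still reported success for the same PID."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)
    report = {}
    for pid, evs in by_pid.items():
        failed = [e["module"] for e in evs
                  if e["module"] in DIRECTORY_MODULES
                  and e["verdict"] in ("tls_error", "denied")]
        local_ok = [e for e in evs
                    if e["module"] in LOCAL_MODULES and e["verdict"] == "ok"]
        if failed and local_ok:
            report[pid] = {
                "user": local_ok[-1]["user"],
                "failed_modules": sorted(set(failed)),
                "local_ok_stage": local_ok[-1]["stage"],
            }
    return report


if __name__ == "__main__":
    evs = parse_pam_lines(SAMPLE_LOG)
    for e in evs:
        print(f"{e['module']:<9} stage={e['stage'] or '-':<8} "
              f"verdict={e['verdict']:<9} {e['msg']}")
    for pid, r in fallthrough_report(evs).items():
        print(f"pid {pid}: {', '.join(r['failed_modules'])} failed, "
              f"pam_unix {r['local_ok_stage']} ok for user {r['user']}")
    if starttls_errors(evs):
        print("StartTLS failed: test the LDAP client config before anything else")
```

Run it against the real file with `python3 triage.py < /dev/null` after replacing `SAMPLE_LOG` with `open("/var/log/secure").read()` (root needed). The script only reads the log; it does not replace the answer's step 3. To confirm the TLS suspicion directly, run `ldapsearch -x` once without TLS and once with `-ZZ` (which makes ldapsearch require a successful StartTLS) against the same server and compare.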