I am now getting this....
regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: Joe Linoff [[email protected]] Sent: Tuesday, 24 July 2012 10:04 a.m. To: Steven Jones Cc: [email protected]; Joe Linoff Subject: Re: [Freeipa-users] User can't login via ssh from external Hi Steve: Thank you for your suggestions. > In the gui you can do a hbac test of the rule. I ran the hbactest rule testing from the command line using “ipa hbactest …”. It showed that the rules were correct. Do you think that the GUI might provide a different result? > Also what are the UIDS? IPA provided 32bit ones? or your own? The UID’s were provided by IPA. Actually during testing I also provided my own at one point but reverted back when that didn’t seem to make a difference. Can you explain why that might cause the problem? For example, would duplicates break the system or are there ranges of UIDs that are not legal? > I'd suggest re-setting that user's password and get them to login and reset > the password, that > works for me, it was a sign of bad/failed replication in my system I think > (now fixed). I tried that using kpasswd and “ipa passwd” to change the password but neither solved the problem. In both cases I was able to run “kinit new-user” and set the credentials using the new password but new-user could not ssh in. It was a really strange problem. It looks like something got out of sync but I could not (and cannot) figure out where. It is doubly difficult because removing and re-adding the user worked. In addition, adding other users worked. Regards, Joe
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
