[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd -------------------- Access granted: True -------------------- Matched rules: allow_all [root@freeipa ~]#
└─> ssh [email protected] -i /home/user/.ssh/key Connection closed by 54x.x.x.x (client server logs) Apr 10 13:59:04 ip-10-152-174-17 sshd[22868]: pam_sss(sshd:account): Access denied for user myuser: 4 (System error) Apr 10 13:59:04 ip-10-152-174-17 sshd[22872]: fatal: Access denied for user client by PAM account configuration (client ipa versions) ipa-admintools-3.0.0-26.el6_4.2.x86_64 ipa-client-3.0.0-26.el6_4.2.x86_64 ipa-python-3.0.0-26.el6_4.2.x86_64 (master ipa versions) [root@freeipa ~]# rpm -qa |grep ipa- ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-client-3.0.0-26.el6_4.2.x86_64 ipa-python-3.0.0-26.el6_4.2.x86_64 ipa-admintools-3.0.0-26.el6_4.2.x86_64 ipa-server-selinux-3.0.0-26.el6_4.2.x86_64 ipa-server-3.0.0-26.el6_4.2.x86_64 [root@freeipa ~]# On Thu, Apr 4, 2013 at 5:06 PM, KodaK <[email protected]> wrote: > Run an hbactest: > > ipa hbactest --user=youruser --host=fqdn.of.host --service=sshd > > Make sure that works, if it does, then you can move on to troubleshooting > the host itself. > > > On Thu, Apr 4, 2013 at 2:27 PM, Shawn <[email protected]> wrote: > >> Hi, >> >> I have configured a ipa-server, replica and client. >> >> In the GUI I can see that all hosts are in the "hosts" list.. I have >> created a single user as well and attached that user to the client. >> >> When trying to login as the user to the client, I see this in the >> secure.log. >> >> fatal: Access denied for user <username> by PAM account configuration. >> >> any suggestions on steps to troubleshoot this? >> >> Thanks >> >> >> -- >> *- Shawn Taaj* >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-users >> > > > > -- > The government is going to read our mail anyway, might as well make it > tough for them. GPG Public key ID: B6A1A7C6 > -- *- Shawn Taaj*
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
