Its a newly installed IPA Server, haven't added any Rules. The relevant output from /var/log/secure :
Jan 2 13:36:24 ipaserver sshd[4864]: Invalid user from 192.168.227.100 Jan 2 13:36:24 ipaserver sshd[4865]: input_userauth_request: invalid user Jan 2 13:36:26 ipaserver sshd[4865]: Connection closed by 192.168.227.100 Jan 2 13:36:35 ipaserver sshd[4868]: Invalid user [email protected] 192.168.227.100 Jan 2 13:36:35 ipaserver sshd[4869]: input_userauth_request: invalid user [email protected] Jan 2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): check pass; user unknown Jan 2 13:36:44 ipaserver sshd[4868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.227.100 Jan 2 13:36:44 ipaserver sshd[4868]: pam_succeed_if(sshd:auth): error retrieving information about user [email protected] Jan 2 13:36:46 ipaserver sshd[4868]: Failed password for invalid user [email protected] from 192.168.227.100 port 62484 ssh2 2014/1/2 Rob Crittenden <[email protected]> > Genadi Postrilko wrote: > >> Hi all. >> >> I have a running IPA Server (3.0.0-37) on RHEL 6.2. >> I'm trying to create Trust between IPA server and AD (In different DNS >> domains). I followed the red hat guide >> https://access.redhat.com/site/documentation/en-US/Red_ >> Hat_Enterprise_Linux/6/pdf/Identity_Management_Guide/Red_ >> Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US.pdf. >> >> When i completed the needed step to create the trust and retrieved a krb >> ticket from the AD server: >> >> [root@ipaserver ~]# kinit [email protected] >> <mailto:[email protected]> >> Password for [email protected] <mailto:[email protected]>: >> >> [root@ipaserver ~]# klist >> Ticket cache: FILE:/tmp/krb5cc_0 >> Default principal: [email protected] <mailto:[email protected]> >> >> >> Valid starting Expires Service principal >> 01/02/14 12:20:30 01/02/14 22:20:34 krbtgt/[email protected] >> <mailto:[email protected]> >> >> renew until 01/03/14 12:20:30 >> >> But when i try to connect to the IPA server via SHH (Putty) i get >> "Access denied" message: >> >> login as: [email protected] <mailto:[email protected]> >> [email protected]@192.168.227.128 <http://192.168.227.128>'s >> password: >> >> Access denied >> >> Any ideas on what i could have done wrong in the process of creating the >> trust? >> > > I'd check the sssd logs and /var/log/secure. > > Do you have any HBAC rules? > > rob >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
