This is what I get in sssd_pam.log:

[pam_dp_process_reply] (0x0200): received: [6 (Permission denied)][
ad.example.com]
[pam_reply] (0x0200): pam_reply called with result [6]: Permission denied.

I don't think the bug you listed applies.  We have the service set to 'any'
and hbactest says the user should be able to login.

Any idea what to try next or what logs to look at?


On Sat, Aug 12, 2017 at 7:37 AM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:

> On (11/08/17 14:17), Steve Weeks via FreeIPA-users wrote:
> >We are running FreeIPA 4.4
> >
> >I just upgraded a system from fedora 25 to fedora 26 using dnf.
> >
> >The first problem is that the mkhomedir option is lost.  I've reinstated
> it
> >with:
> >
> >authconfig --enablemkhomedir --update
> >
> >The second problem is that AD users still can't login.  This is a server
> >system with a tty style login.  The response from login is "Login
> >incorrect".  When I look in the logs, I see "Permission denied".  hbactest
> >says that the users should have access.
> >
> Which pam service was denied?
>
> @see also https://bugzilla.redhat.com/show_bug.cgi?id=1474899#c8
>
> LS
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to