On Thu, Sep 14, 2017 at 06:28:50PM -0000, Louis Abel via FreeIPA-users wrote: > Jakub, you might be onto something. > > Sep 14 18:11:08 pentl01.ipa.example.com ns-slapd: pam_sss(system-auth:auth): > authentication failure; logname= uid=389 euid=389 tty= ruser= rhost= > [email protected] > Sep 14 18:11:08 pentl01.ipa.example.com ns-slapd: pam_sss(system-auth:auth): > received for user [email protected]: 7 (Authentication failure) > > Would this mean that I need an HBAC policy allowing specific/all users > system-auth against the IPA servers? Or what would you suggest? It does seem > a little overkill if I did that. Unless there's a better way.
Well, yes and no. If it was the HBAC access control that was kicking you out, I would have expected the error code to be different (6 is typically returned for access denied). So I would also suggest to increase the sssd debug log on the server and try the login attempt again, then check out sssd logs. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
