Back to this thread; I stood up a new VM and used ipa-client-install to subscribe it to the new server. I can log on to it from both ssh and console, so the problem on my original workstation appears to be in switching from one server to another.

Thoughts?


On 02/21/2018 10:29 AM, Bret Wortman wrote:
My only hbac rule is "allow_all", and it's enabled. I hadn't gotten around to setting up any additional ones yet.


On 02/21/2018 10:14 AM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
Any ideas why I might be prevented from logging in on a system through
GDM and the console, but if I log in as root and:

# ssh bretw@localhost

I'm able to log in without issues? And it'll tell me about failed logins
for every time I try through GDM or the console.

This is on a brand new IPA server I'm setting up using data from our
older ones but it's not set up as a replica.
Check HBAC rules. Logging into console is a different pam service than ssh.

rob

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to