Back to this thread; I stood up a new VM and used ipa-client-install to subscribe it to the new server. I can log on to it from both ssh and console, so the problem on my original workstation appears to be in switching from one server to another.


On 02/21/2018 10:29 AM, Bret Wortman wrote:
My only hbac rule is "allow_all", and it's enabled. I hadn't gotten around to setting up any additional ones yet.

On 02/21/2018 10:14 AM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
Any ideas why I might be prevented from logging in on a system through
GDM and the console, but if I log in as root and:

# ssh bretw@localhost

I'm able to log in without issues? And it'll tell me about failed logins
for every time I try through GDM or the console.

This is on a brand new IPA server I'm setting up using data from our
older ones but it's not set up as a replica.
Check HBAC rules. Logging into console is a different pam service than ssh.


FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to