On Thu, Sep 06, 2018 at 09:58:20AM +0200, Pieter Baele via FreeIPA-users wrote: > @Jakub: not planning to use full_name_format on IDM servers, only on the > (SAS Viya) CAS Worker Nodes (if this is the problem....) > Somehow I can no longer login directly using my AD user (which has an > override in IPA) - once the db/mc/cache is cleared. > > Sep 6 09:54:25 iictyibcls012 sshd[30884]: pam_sss(sshd:auth): > authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x user=y > Sep 6 09:54:25 iictyibcls012 sshd[30884]: pam_sss(sshd:auth): received for > user x: 6 (Permission denied)
Hmm, this might be caused by a number of reasons, so I really need to see the logs from that machine. The most probably causes are that either sssd goes offline for one reason or another (sssctl domain-status is a good help in this respect) or that HBAC is kicking you out. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
