Thanks, Rob. SSSD does not seem to be the source of the glitch. The sssd_nss.log says that it successfully finds the user.
All the error in /var/log/auth.log contain "pam_unix", so I tried adding "debug" to the end of every instance of "pam_unix/pam_unix.so" in /etc/pam.d, but it told me nothing new. Any other suggestions ? ______________________________________________________________________________________________ Daniel E. White [email protected]<mailto:[email protected]> NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290 From: Rob Crittenden <[email protected]> Date: Tuesday, March 3, 2020 at 08:10 To: FreeIPA <[email protected]> Cc: Daniel White <[email protected]> Subject: [EXTERNAL] Re: [Freeipa-users] A Debian Head-Scratcher White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote: Server: RHEL 7 IdM, ipa-server-4.6.5-11.el7_7.4.x86_64 Client: Debian 10, freeipa-client 4.7.2-3 amd64 Is this version difference a show stopper ? It sorta-kinda-mostly works. I created a test user to test the HBAC rules, and I cannot ssh into this Debian server as this test user. I can ssh in as me, but my login has admin permissions. I can ssh into a CentOS 7 and a RHEL 7 client as "test_user" I tried "su - test_user" and got "sh: Authentication failure" Any suggestions ? I am a novice at Debian. Most of my experience is with Red Hat/CentOS I'd start here: https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.pagure.org_SSSD.sssd_users_troubleshooting.html&d=DwIFaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=ef_FKlWa7jWGmQqTrjkcoDY1VuVtcI_10ClISjA3_V8&m=R5hZeDSBF1X5dulGom29xfQp1KeEqge9pQVD_lyA1UA&s=D8quhaMPurwTbD9B97CbJRpz5iuda7ZdvtZylnrutq4&e= rob
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
