I ran that and the sshd service shows access granted True even though ssh-ing in doesn't work. Does the user have to have both login and sshd to login via ssh? Other users that have the same permissions are able to get in OK which is why this is so confusing.
On Tue, Mar 17, 2020 at 1:04 AM Angus Clarke <[email protected]> wrote: > Hello > > I suggest running the hbactest function, somrthing like: > > ipa hbactest --user=user1 --host=fqdn.of.target.server --service=login > > Regards > Angus > > ------------------------------ > *From:* Kristian Petersen via FreeIPA-users < > [email protected]> > *Sent:* 16 March 2020 21:57 > *To:* FreeIPA users list <[email protected]> > *Cc:* Kristian Petersen <[email protected]> > *Subject:* [Freeipa-users] Some users unable to log in to host > > Hey all, > > I have a user that is trying to log into a host that is configured to have > access restricted via an HBAC rule. This user is a member of one of the > groups defined in the HBAC rule that should be granted access. When this > user tries to SSH in to this host, they get 3 consecutive password prompts > like "Password:" and then one like "username@domain's password:" and then > they get a response of "Permission denied, please try again." I am not > seeing any entries in the messages log or secure log for this user from > these log in attempts. Anyone have any thoughts about why this is > happening? > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry > -- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
