Kristian Petersen via FreeIPA-users wrote: > I ran that and the sshd service shows access granted True even though > ssh-ing in doesn't work. Does the user have to have both login and sshd > to login via ssh? Other users that have the same permissions are able > to get in OK which is why this is so confusing.
No, they are different pam services. You'll need to bump up sssd debugging on the client side to see what is going on. rob > > On Tue, Mar 17, 2020 at 1:04 AM Angus Clarke <[email protected] > <mailto:[email protected]>> wrote: > > Hello > > I suggest running the hbactest function, somrthing like: > > ipa hbactest --user=user1 --host=fqdn.of.target.server --service=login > > Regards > Angus > > ------------------------------------------------------------------------ > *From:* Kristian Petersen via FreeIPA-users > <[email protected] > <mailto:[email protected]>> > *Sent:* 16 March 2020 21:57 > *To:* FreeIPA users list <[email protected] > <mailto:[email protected]>> > *Cc:* Kristian Petersen <[email protected] > <mailto:[email protected]>> > *Subject:* [Freeipa-users] Some users unable to log in to host > > Hey all, > > I have a user that is trying to log into a host that is configured > to have access restricted via an HBAC rule. This user is a > member of one of the groups defined in the HBAC rule that should be > granted access. When this user tries to SSH in to this host, they > get 3 consecutive password prompts like "Password:" and then one > like "username@domain's password:" and then they get a response of > "Permission denied, please try again." I am not seeing any entries > in the messages log or secure log for this user from these log in > attempts. Anyone have any thoughts about why this is happening? > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry > > > > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
