Hi, Yesterday we migrated our dev servers to IPA - to help in the migration, I enabled the allow_all HBAC rule, but despite that, some users get this message:
Jul 29 15:56:23 el4966 sshd[98029]: Postponed keyboard-interactive for id094844 from 81.245.6.11 port 35552 ssh2 [preauth] Jul 29 15:56:49 el4966 sshd[98034]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=el1921.bc user=id094844 Jul 29 15:56:49 el4966 sshd[98034]: pam_sss(sshd:auth): received for user id094844: 6 (Permission denied) < ----- This Jul 29 15:56:52 el4966 sshd[98029]: error: PAM: Authentication failure for id094844 from el1921.bc Jul 29 15:56:52 el4966 sshd[98029]: Failed keyboard-interactive/pam for id094844 from 81.245.6.11 port 35552 ssh2 Jul 29 15:56:58 el4966 sshd[98029]: Postponed keyboard-interactive for id094844 from 81.245.6.11 port 35552 ssh2 [preauth] Jul 29 15:57:00 el4966 sshd[98029]: Connection closed by 81.245.6.11 port 35552 [preauth] These are external (AD) users. Weird thing: not all users have this and not everywhere... I tried to remove the LDAP filter on the IPA server -> same thing... I'm running out of ideas... Thanks for your help! S. Toulmonde Sensitivity: Internal Use Only This e-mail cannot be used for other purposes than Proximus business use. See more on https://www.proximus.be/maildisclaimer
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
