On Sun, Dec 11, 2011 at 11:49:46PM +0100, Sigbjorn Lie wrote: > On the other hand, even though looking up users, groups and > netgroups seem fine, I cannot log in. Neither at the console, su, or > ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ? > > Dec 11 21:13:32 mint12 su[6769]: pam_sss(su:account): Access denied > for user test: 6 (Permission denied) > > > > Rgds, > Siggi >
Yes, there was a number of HBAC-related fixes since 1.5.13. The following commits touched files in src/providers/ipa/ipa_hbac*.[ch]: * Add a missing break (9077c3ebec92454d8ed949491c4ca89ed6cdf75a) * Do not access memory out of bounds (a2a954c4186aaa9e9dd027aebb986062fc5670e7) * HBAC: fix typos preventing proper hostgroup evaluation (28a9f96c3f9e6aa30fb1cbbbb33fe2ee2b1d7ef6) * HBAC: Do not save member/memberOf links (d14a28835223c0578b0a28a8c74d11777c50bcb9) * HBAC: Use originalMember for identifying servicegroups (d74b59b13208fa9508baaf5a1a5172fecad321ae) * HBAC: Use originalMember for identifying hostgroups (7c77e790204f82bce88dd6ecd237c941a9389349) Obviously, the Ubuntu package might have backported some of these into their 1.5.13 distribution package. The list was taken from upstream 1.5 branch. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
