On Thu, Apr 12, 2012 at 04:09:20AM +0000, Steven Jones wrote:
> Hi,
> I have a user, myself that used to be able to login to a specific IPA client 
> / host but I am no longer able to....
> The /var/log/secure log  appears to be telling me my password is wrong, so I 
> reset it in IPA, but on initial login I cant put in the temp password and 
> then reset it....I still get denied. I am also having a similar problem for a 
> new user....
> So I went to another client/host and I can login and set a new password...so 
> IPA looks to be OK....so its either a rule or the client/host is broken....
> next I went into the allow_all HBAC policy and turned it back on but I am 
> still denied.....
> So where do I look for a specific failure msg to tell me the issue?  I assume 
> its the host/client side....

Can you paste what /var/log/secure or /var/log/messages had to say? If
there is nothing to trace the error with, can you enable debugging(*) in SSSD
and paste the relevant contents of the SSSD log?

(*) put debug_level=6 or higher into the [domain/*] section of the SSSD,
service sssd restart, retry the login

Freeipa-users mailing list

Reply via email to