On Thu, Apr 12, 2012 at 04:09:20AM +0000, Steven Jones wrote:
> I have a user, myself that used to be able to login to a specific IPA client
> / host but I am no longer able to....
> The /var/log/secure log appears to be telling me my password is wrong, so I
> reset it in IPA, but on initial login I cant put in the temp password and
> then reset it....I still get denied. I am also having a similar problem for a
> new user....
> So I went to another client/host and I can login and set a new password...so
> IPA looks to be OK....so its either a rule or the client/host is broken....
> next I went into the allow_all HBAC policy and turned it back on but I am
> still denied.....
> So where do I look for a specific failure msg to tell me the issue? I assume
> its the host/client side....
Can you paste what /var/log/secure or /var/log/messages had to say? If
there is nothing to trace the error with, can you enable debugging(*) in SSSD
and paste the relevant contents of the SSSD log?
(*) put debug_level=6 or higher into the [domain/*] section of the SSSD,
service sssd restart, retry the login
Freeipa-users mailing list