Hi Steve:
Thank you for your suggestions. > In the gui you can do a hbac test of the rule. I ran the hbactest rule testing from the command line using "ipa hbactest ...". It showed that the rules were correct. Do you think that the GUI might provide a different result? > Also what are the UIDS? IPA provided 32bit ones? or your own? The UID's were provided by IPA. Actually during testing I also provided my own at one point but reverted back when that didn't seem to make a difference. Can you explain why that might cause the problem? For example, would duplicates break the system or are there ranges of UIDs that are not legal? > I'd suggest re-setting that user's password and get them to login and reset the password, that > works for me, it was a sign of bad/failed replication in my system I think (now fixed). I tried that using kpasswd and "ipa passwd" to change the password but neither solved the problem. In both cases I was able to run "kinit new-user" and set the credentials using the new password but new-user could not ssh in. It was a really strange problem. It looks like something got out of sync but I could not (and cannot) figure out where. It is doubly difficult because removing and re-adding the user worked. In addition, adding other users worked. Regards, Joe
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
