Joe Linoff wrote:
Hi Folks:

I managed to get the user working doing the following (all from the CLI):

1.Deleted the user (ipa user-del new-user)

2.Re-added the user

3.Add the user to administrator groups.

4.Changed/set the password.

5.Removed the administrator privileges.

6.Attempt report ssh login.

Steps 3 and 5 are a hack but I can demonstrate that /not /doing them
causes the strange login problem. I can also show that the HBAC rules
are enforced properly after step 5 is run so this works for me. I just
don’t understand why it is necessary.

Are you performing a login between steps 3 and 5? Otherwise all that does is add a member/memberof and then remove it. I don't see how this would affect anything.


Thank you for all of your help and suggestions.



*From:*Joe Linoff
*Sent:* Monday, July 23, 2012 1:51 PM
*Cc:*; Joe Linoff
*Subject:* Re: [Freeipa-users] User can't login via ssh from external

Hi Stephen and Dmitri:

Thank you for the sshd GSSAPI configuration suggestion. I tried it this
morning but it didn’t work. That particular user is still not able to
login. What is even more interesting is that I created a user with the
identical setup and the new user worked (i.e., they were able to ssh in

I am really confused by this because it does not appear to be a global
setup issue like ssh. It may be some sort of HBAC rule violation or
something else equally strange. I just can’t figure it out.

Can you suggest any other ways to troubleshoot this?



Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to