Joe Linoff wrote:
Hi Folks:
I managed to get the user working doing the following (all from the CLI):
1.Deleted the user (ipa user-del new-user)
2.Re-added the user
3.Add the user to administrator groups.
4.Changed/set the password.
5.Removed the administrator privileges.
6.Attempt report ssh login.
Steps 3 and 5 are a hack but I can demonstrate that /not /doing them
causes the strange login problem. I can also show that the HBAC rules
are enforced properly after step 5 is run so this works for me. I just
don’t understand why it is necessary.
Are you performing a login between steps 3 and 5? Otherwise all that
does is add a member/memberof and then remove it. I don't see how this
would affect anything.
rob
Thank you for all of your help and suggestions.
Regards,
Joe
*From:*Joe Linoff
*Sent:* Monday, July 23, 2012 1:51 PM
*To:* sgall...@redhat.com; d...@redhat.com
*Cc:* freeipa-users@redhat.com; Joe Linoff
*Subject:* Re: [Freeipa-users] User can't login via ssh from external
Hi Stephen and Dmitri:
Thank you for the sshd GSSAPI configuration suggestion. I tried it this
morning but it didn’t work. That particular user is still not able to
login. What is even more interesting is that I created a user with the
identical setup and the new user worked (i.e., they were able to ssh in
remotely).
I am really confused by this because it does not appear to be a global
setup issue like ssh. It may be some sort of HBAC rule violation or
something else equally strange. I just can’t figure it out.
Can you suggest any other ways to troubleshoot this?
Thanks,
Joe
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
