Hi Steve:

Thank you for your suggestions.

> In the gui you can do a hbac test of the rule.

I ran the hbactest rule testing from the command line using “ipa hbactest …”. 
It showed that the rules were correct. Do you think that the GUI might provide 
a different result?

> Also what are the UIDS?  IPA provided 32bit ones?  or your own?

The UIDs were provided by IPA. Actually during testing I also provided my own 
at one point but reverted back when that didn’t seem to make a difference.

Can you explain why that might cause the problem? For example, would duplicates 
break the system or are there ranges of UIDs that are not legal?

> I'd suggest re-setting that user's password and get them to login and reset 
> the password, that works for me, it was a sign of bad/failed replication in 
> my system I think (now fixed).

I tried that using kpasswd and “ipa passwd” to change the password but neither 
solved the problem. In both cases I was able to run “kinit new-user” and set 
the credentials using the new password but new-user could not ssh in.
It was a really strange problem. It looks like something got out of sync but I 
could not (and cannot) figure out where. It is doubly difficult because 
removing and re-adding the user worked. In addition, adding other users worked.


