Dale Macartney wrote:


Evening folks

I've verified this both in a kickstart and via manual install to verify
any user error on my part.

I have a clean installation of RHEL 6.4 for an IPA domain of example.com

I also have several clients which are also clean installs of rhel 6.4
and although I can see ipa users via getent and even acquire a tgt
successfully, I am unable to login with any ipa user on any ipa member
server.

I see the same results for any type of login attempt, e.g. gnome desktop
or ssh

My client installation is done by this command.

ipa-client-install -U -p admin -w redhat123 --mkhomedir --enable-dns-updates

IPA client version 3.0.0-25
SSSD version 1.9.2-82


Logs from client are as follows.

==> /var/log/secure <==
Feb 23 22:10:07 workstation02 sshd[2419]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=10.0.1.254  user=admin
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:auth): User info
message: Your password will expire in 89 day(s).
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:auth):
authentication success; logname= uid=0 euid=0 tty=ssh ruser=
rhost=10.0.1.254 user=admin

==> /var/log/btmp <==
s    ssh:nottyadmin10.0.1.254@>)Q
?
==> /var/log/secure <==
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:account): Access
denied for user admin: 4 (System error)
Feb 23 22:10:08 workstation02 sshd[2419]: Failed password for admin from
10.0.1.254 port 55554 ssh2
Feb 23 22:10:08 workstation02 sshd[2421]: fatal: Access denied for user
admin by PAM account configuration

==> /var/log/Xorg.0.log <==
[   604.308] AUDIT: Sat Feb 23 22:12:10 2013: 1908: client 17 connected
from local host ( uid=42 gid=42 pid=1958 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 284
[   604.312] AUDIT: Sat Feb 23 22:12:10 2013: 1908: client 17 disconnected

==> /var/log/messages <==
Feb 23 22:12:45 workstation02 ntpd[2359]: synchronized to LOCAL(0),
stratum 5
Feb 23 22:13:48 workstation02 ntpd[2359]: synchronized to 10.0.1.12,
stratum 11


interactive shell output as follows

[mac@rhodey ~]$ ssh admin@10.0.1.102
admin@10.0.1.102's password:
Your password will expire in 89 day(s).
Connection closed by 10.0.1.102
[mac@rhodey ~]$


Am I doing something rather trivially wrong or is there something fishy
going on here?

Thanks in advance.

I'd check your HBAC configuration.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
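
An added example, not part of the original thread: the sketch below separates the PAM auth stage from the PAM account stage in the /var/log/secure lines quoted above (re-joined onto single lines), which is the distinction behind the HBAC suggestion. With SSSD the account stage is where access control such as IPA HBAC is evaluated; the function name and verdict labels are this example's own.

```python
import re
from collections import defaultdict

# Lines from the /var/log/secure excerpt in the post, re-joined onto single lines.
SAMPLE = """\
Feb 23 22:10:07 workstation02 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.254  user=admin
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:auth): User info message: Your password will expire in 89 day(s).
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.254 user=admin
Feb 23 22:10:08 workstation02 sshd[2419]: pam_sss(sshd:account): Access denied for user admin: 4 (System error)
Feb 23 22:10:08 workstation02 sshd[2419]: Failed password for admin from 10.0.1.254 port 55554 ssh2
"""

# "<proc>[<pid>]: pam_<module>(<service>:<stage>): <message>"
PAM_LINE = re.compile(r"\w+\[(?P<pid>\d+)\]: (?P<module>pam_\w+)"
                      r"\([\w-]+:(?P<stage>\w+)\): (?P<msg>.*)")
DENIED = re.compile(r"Access denied for user (?P<user>\S+): "
                    r"(?P<code>\d+) \((?P<text>[^)]*)\)")

def diagnose(log_text):
    """Map each PID to (verdict, detail), keeping the PAM stages apart."""
    seen = defaultdict(lambda: {"auth_ok": False, "denied": None})
    for line in log_text.splitlines():
        m = PAM_LINE.search(line)
        if not m:
            continue  # non-PAM lines such as sshd's "Failed password" summary
        state = seen[int(m["pid"])]
        if m["stage"] == "auth" and m["msg"].startswith("authentication success"):
            state["auth_ok"] = True
        elif m["stage"] == "account":
            d = DENIED.search(m["msg"])
            if d:
                state["denied"] = (m["module"], d["user"], int(d["code"]), d["text"])
    report = {}
    for pid, state in seen.items():
        if state["denied"]:
            # Credentials accepted but account stage refused: an access-control problem.
            verdict = "authorization" if state["auth_ok"] else "account"
        else:
            verdict = "ok" if state["auth_ok"] else "authentication"
        report[pid] = (verdict, state["denied"])
    return report

if __name__ == "__main__":
    for pid, (verdict, detail) in diagnose(SAMPLE).items():
        print(pid, verdict, detail)
```

On the lines from the post, sshd's own "Failed password" summary is skipped, and PID 2419 is reported as an authorization failure raised by pam_sss in the account stage, after a successful auth stage.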
