I have configured a ipa-server, replica and client.
In the GUI I can see that all hosts are in the "hosts" list.. I have
created a single user as well and attached that user to the client.
When trying to login as the user to the client, I see this in the
fatal: Access denied for user <username> by PAM account configuration.
Did you disable or remove the default allow_all HBAC rule?
Freeipa-users mailing list