[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
--------------------
Access granted: True
--------------------
  Matched rules: allow_all
[root@freeipa ~]#


└─> ssh myus...@ec2-54-xxx.xxx.compute-1.amazonaws.com -i
/home/user/.ssh/key
Connection closed by 54x.x.x.x

(client server logs)
Apr 10 13:59:04 ip-10-152-174-17 sshd[22868]: pam_sss(sshd:account): Access
denied for user myuser: 4 (System error)
Apr 10 13:59:04 ip-10-152-174-17 sshd[22872]: fatal: Access denied for user
client by PAM account configuration


(client ipa versions)
ipa-admintools-3.0.0-26.el6_4.2.x86_64
ipa-client-3.0.0-26.el6_4.2.x86_64
ipa-python-3.0.0-26.el6_4.2.x86_64


(master ipa versions)
[root@freeipa ~]# rpm -qa |grep ipa-

ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-client-3.0.0-26.el6_4.2.x86_64
ipa-python-3.0.0-26.el6_4.2.x86_64
ipa-admintools-3.0.0-26.el6_4.2.x86_64
ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
ipa-server-3.0.0-26.el6_4.2.x86_64
[root@freeipa ~]#




On Thu, Apr 4, 2013 at 5:06 PM, KodaK <sako...@gmail.com> wrote:

> Run an hbactest:
>
> ipa hbactest --user=youruser --host=fqdn.of.host --service=sshd
>
> Make sure that works, if it does, then you can move on to troubleshooting
> the host itself.
>
>
> On Thu, Apr 4, 2013 at 2:27 PM, Shawn <taaj.sh...@gmail.com> wrote:
>
>> Hi,
>>
>> I have configured a ipa-server, replica and client.
>>
>> In the GUI I can see that all hosts are in the "hosts" list.. I have
>> created a single user as well and attached that user to the client.
>>
>> When trying to login as the user to the client, I see this in the
>> secure.log.
>>
>> fatal: Access denied for user <username> by PAM account configuration.
>>
>> any suggestions on steps to troubleshoot this?
>>
>> Thanks
>>
>>
>> --
>> *- Shawn Taaj*
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
>
> --
> The government is going to read our mail anyway, might as well make it
> tough for them.  GPG Public key ID:  B6A1A7C6
>



-- 
*- Shawn Taaj*
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to