I've been evaluating FreeIPA in a lab environment prior to possibly rolling
it out in our enterprise but have been having issues with a few hosts
rejecting SSH logins for users authenticated against the FreeIPA server via
All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0
installed from the base repo. The default RBAC rule to allow all users
access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM
configuration changes that have been made on client machines (apart from
enabling debug logging) were done with `ipa-client-install --mkhomedir`.
I enabled debug logging for SSSD and have included relevant bits from the
log files here:
I can get a Kerberos ticket for the admin user on the ovz2 host and connect
ssh into the test host as the admin user afterward without any problems.
I assume that there's something I'm missing, but I haven't had much luck
Googling, any insight into the issue anyone could provide would be very
Freeipa-users mailing list