Hello, I've been evaluating FreeIPA in a lab environment prior to possibly rolling it out in our enterprise but have been having issues with a few hosts rejecting SSH logins for users authenticated against the FreeIPA server via SSSD.
All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0 installed from the base repo. The default RBAC rule to allow all users access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM configuration changes that have been made on client machines (apart from enabling debug logging) were done with `ipa-client-install --mkhomedir`. I enabled debug logging for SSSD and have included relevant bits from the log files here: https://gist.github.com/arg0sy/5694537 I can get a Kerberos ticket for the admin user on the ovz2 host and connect ssh into the test host as the admin user afterward without any problems. I assume that there's something I'm missing, but I haven't had much luck Googling, any insight into the issue anyone could provide would be very welcome. Best Regards, Ryan
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
