I've been evaluating FreeIPA in a lab environment prior to possibly rolling
it out in our enterprise but have been having issues with a few hosts
rejecting SSH logins for users authenticated against the FreeIPA server via

All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0
installed from the base repo. The default RBAC rule to allow all users
access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM
configuration changes that have been made on client machines (apart from
enabling debug logging) were done with `ipa-client-install --mkhomedir`.

I enabled debug logging for SSSD and have included relevant bits from the
log files here:

I can get a Kerberos ticket for the admin user on the ovz2 host and connect
ssh into the test host as the admin user afterward without any problems.

I assume that there's something I'm missing, but I haven't had much luck
Googling, any insight into the issue anyone could provide would be very

Best Regards,
Freeipa-users mailing list

Reply via email to