On Sun, Jun 2, 2013 at 9:49 PM, Ryan Cunningham
> I've been evaluating FreeIPA in a lab environment prior to possibly rolling
> it out in our enterprise but have been having issues with a few hosts
> rejecting SSH logins for users authenticated against the FreeIPA server via
> All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0
> installed from the base repo. The default RBAC rule to allow all users
> access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM
> configuration changes that have been made on client machines (apart from
> enabling debug logging) were done with `ipa-client-install --mkhomedir`.
> I enabled debug logging for SSSD and have included relevant bits from the
> log files here:
What I see is:
fatal: Access denied for user admin by PAM account configuration
I would compare the pam.d dir on systems where you can login to the one
on systems you cannot log in to.
What about disabling selinux? Anything strange on audit.log? Maybe the
context of the homedir is not correct.
Freeipa-users mailing list