HBAC rules are set to allow_all enabled 

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com] 
Sent: Monday, March 31, 2014 3:44 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] uninstalled IPA client and reinstalled and 
enrolled to new server cant authenticate

Todd Maugh wrote:
> Hi,
> I have a rhel5 client  I had problems with my IPA environment and had 
> to rebuild
> I'm on the latest version of IPA with a red hat 6 server
> I successfully enrolled the client to the new server (same domain, 
> same
> realm) I had removed all old certs, sysrestores, and ipa/default.conf
> I can ssh to the box as root, and then either su or kinit to any IPA 
> user with out issue
> But when I try to ssh as the ipauser to the box it gives me permission 
> denied, please try again
> I cleared out the sssd cache and restarted sssd
> Is there something I'm missing or a log to check?
> I need to worked this out before I move forward enrolling other 
> previously enrolled clients.

Check your HBAC rules.


Freeipa-users mailing list

Reply via email to