Justean wrote: > Our Redhat 5.10 servers that were moved into our IPA domain cannot run > any IPA user's crons we can't even list the crons: > > crontab -l "you (/username/) are not allowed to access to (crontab) > because of pam configuration" > > I don't know if I should be manually editing the > /etc/pam.d/system-auth-ac and/or /etc/pam.d/crond to get this working > and if so what I should put for the config. > > The client version is ipa-client-2.1.3-7.el5.x86_64 and the server > version is ipa-server-3.0.0-42.el6.x86_64
I would suspect this is due to HBAC. Do you use the HBAC feature? Perhaps you need to add rules for these hosts. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project