Did you try the "ssh admin@`hostname`" command? It should show if ssh to admin via SSSD&FreeIPA really works.
On 02/09/2015 11:18 AM, alireza baghery wrote: > account admin recognize and show uid gid and groups > On Feb 9, 2015 1:42 PM, "Martin Kosek" <mko...@redhat.com> wrote: > >> Ok. When on the server, does >> >> # id admin >> >> or "ssh admin@`hostname`" work? Maybe it does not recognize the admin >> user. >> >> On 02/09/2015 09:29 AM, alireza baghery wrote: >>> ipasrv# Service SSSD status >>> sssd is runing >>> nevertheless i restart service sssd >>> but problem do not solved >>> >>> On Mon, Feb 9, 2015 at 11:19 AM, Martin Kosek <mko...@redhat.com> wrote: >>> >>>> On 02/09/2015 07:42 AM, alireza baghery wrote: >>>>> i check on both server ssh each other's name and ssh successful and >>>> resolve >>>>> name was also correct on each server >>>>> but i can not login with user admin from ipareplica via ssh >>>> (root@ipareplica]# >>>>> ssh admin@ipasrv ===> failed) >>>>> >>>>> [root@ipareplica ~]# ssh ipasrv >>>>> root@ipasrv's password: >>>>> Last login: Mon Feb 9 09:49:54 2015 from 10.30.160.20 >>>>> =====log /var/secure==== >>>>> Feb 9 09:50:29 ipasrv sshd[12076]: Accepted password for root from >>>>> 10.30.160.20 port 52110 ssh2 >>>>> Feb 9 09:50:29 ipasrv sshd[12076]: pam_unix(sshd:session): session >>>> opened >>>>> for user root by (uid=0) >>>>> ===== >>>>> [root@ipasrv ~]# ssh ipareplica >>>>> root@ipareplica's password: >>>>> Last login: Mon Feb 9 09:50:20 2015 from 10.30.160.19 >>>>> >>>>> ====== >>>>> [root@ipareplica ~]# nslookup ipasrv >>>>> Server: 10.30.160.19 >>>>> Address: 10.30.160.19#53 >>>>> >>>>> Name: ipasrv >>>>> Address: 10.30.160.19 >>>>> >>>>> ======== >>>>> [root@ipasrv ~]# nslookup ipareplica >>>>> Server: 127.0.0.1 >>>>> Address: 127.0.0.1#53 >>>>> >>>>> Name: ipareplica >>>>> Address: 10.30.160.20 >>>>> ========= >>>> >>>> Ok, so ssh is running, you can log in with root. I think that by 99% >>>> chance, >>>> your SSSD service is not running on the IPA server. Please check if this >>>> is the >>>> case and if yes, please try to (re)start it. If that helped, it would be >>>> also >>>> useful to see *why* the SSSD is not running (crash, misconfiguration, >> ...) >>>> >>>> Martin >>>> >>> >>> >>> >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
