On 02/09/2015 08:34 AM, alireza baghery wrote:
yes, I tried "ssh admin@hostname" but it does not work
====log secure-====
Feb 9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)
Feb 9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 10.30.160.20 port 52123 ssh2
Feb 9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by PAM account configuration

Do you have HBAC rules? Does admin have the rights to log via SSH?
If you changed the default rules it might be that admin is not allowed
to log via ssh.

On Mon, Feb 9, 2015 at 3:20 PM, Martin Kosek wrote:
Did you try the "ssh admin@`hostname`" command? It should show if ssh to admin
via SSSD&FreeIPA really works.
On 02/09/2015 11:18 AM, alireza baghery wrote:
> account admin recognize and show uid gid and groups
> On Feb 9, 2015 1:42 PM, "Martin Kosek" wrote:
>
>> Ok. When on the server, does
>>
>> # id admin
>>
>> or "ssh admin@`hostname`" work? Maybe it does not recognize the admin
>> user.
>>
>> On 02/09/2015 09:29 AM, alireza baghery wrote:
>>> ipasrv# Service SSSD status
>>> sssd is running
>>> nevertheless I restarted the sssd service
>>> but the problem is not solved
>>>
>>> On Mon, Feb 9, 2015 at 11:19 AM, Martin Kosek wrote:
>>>
>>>> On 02/09/2015 07:42 AM, alireza baghery wrote:
>>>>> i check on both server ssh each other's name and ssh successful and resolve
>>>>> name was also correct on each server
>>>>> but i can not login with user admin from ipareplica via ssh (root@ipareplica]#
>>>>> ssh admin@ipasrv ===> failed)
>>>>>
>>>>> [root@ipareplica ~]# ssh ipasrv
>>>>> root@ipasrv's password:
>>>>> Last login: Mon Feb 9 09:49:54 2015 from 10.30.160.20
>>>>> =====log /var/secure====
>>>>> Feb 9 09:50:29 ipasrv sshd[12076]: Accepted password for root from 10.30.160.20 port 52110 ssh2
>>>>> Feb 9 09:50:29 ipasrv sshd[12076]: pam_unix(sshd:session): session opened for user root by (uid=0)
>>>>> =====
>>>>> [root@ipasrv ~]# ssh ipareplica
>>>>> root@ipareplica's password:
>>>>> Last login: Mon Feb 9 09:50:20 2015 from 10.30.160.19
>>>>>
>>>>> ======
>>>>> [root@ipareplica ~]# nslookup ipasrv
>>>>> Server: 10.30.160.19
>>>>> Address: 10.30.160.19#53
>>>>>
>>>>> Name: ipasrv
>>>>> Address: 10.30.160.19
>>>>>
>>>>> ========
>>>>> [root@ipasrv ~]# nslookup ipareplica
>>>>> Server: 127.0.0.1
>>>>> Address: 127.0.0.1#53
>>>>>
>>>>> Name: ipareplica
>>>>> Address: 10.30.160.20
>>>>> =========
>>>>
>>>> Ok, so ssh is running, you can log in with root. I think that by 99% chance,
>>>> your SSSD service is not running on the IPA server. Please check if this is the
>>>> case and if yes, please try to (re)start it. If that helped, it would be also
>>>> useful to see *why* the SSSD is not running (crash, misconfiguration, ...)
>>>>
>>>> Martin
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
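
Added example, not part of the original thread or of FreeIPA/SSSD: a small Python classifier for the sshd PAM lines quoted above. It separates a password failure from the case seen here, where pam_sss reports authentication success and then denies access in the account phase, the phase in which SSSD applies access control such as HBAC rules. The function name, the verdict strings and the second sample session (pid 20001) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches "sshd[<pid>]: pam_<module>(sshd:<phase>): <message>" in /var/log/secure.
PAM_LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: pam_(?P<module>\w+)\(sshd:(?P<phase>\w+)\): (?P<msg>.*)")
# "user=admin" or "user admin"; the \b keeps "ruser=" from matching.
USER = re.compile(r"\buser[ =](?P<user>[\w.@-]+)")

# Lines quoted in this thread, with the mail client's line wrapping undone.
THREAD_LINES = [
    "Feb 9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin",
    "Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin",
    "Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)",
    "Feb 9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 10.30.160.20 port 52123 ssh2",
    "Feb 9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by PAM account configuration",
]
# Constructed contrast case (not from the thread): pam_sss rejects the password itself.
CONSTRUCTED_LINES = [
    "Feb 9 16:01:07 ipasrv sshd[20001]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin",
]

def classify_sessions(lines):
    """Return {pid: (user, verdict)} for every sshd process that logged pam_sss events."""
    events = defaultdict(list)
    for line in lines:
        m = PAM_LINE.search(line)
        if m and m["module"] == "sss":          # pam_unix failing for an IPA user is expected
            events[m["pid"]].append((m["phase"], m["msg"]))
    result = {}
    for pid, evs in events.items():
        auth_ok = any(p == "auth" and "authentication success" in msg for p, msg in evs)
        auth_bad = any(p == "auth" and "authentication failure" in msg for p, msg in evs)
        denied = any(p == "account" and msg.startswith("Access denied") for p, msg in evs)
        users = [u["user"] for _, msg in evs if (u := USER.search(msg))]
        if auth_ok and denied:
            verdict = "authorization-denied"    # credentials accepted, access rule refused login
        elif auth_bad:
            verdict = "authentication-failed"   # wrong password or similar
        else:
            verdict = "undetermined"
        result[pid] = (users[0] if users else None, verdict)
    return result

if __name__ == "__main__":
    for pid, (user, verdict) in classify_sessions(THREAD_LINES + CONSTRUCTED_LINES).items():
        print(pid, user, verdict)
```

sshd's own "Failed password" line appears in both cases, so the pam_sss phase is what distinguishes them.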