thanks On Mon, Feb 9, 2015 at 6:42 PM, Martin Kosek <[email protected]> wrote:
> On 02/09/2015 03:31 PM, Dmitri Pal wrote: > > On 02/09/2015 08:34 AM, alireza baghery wrote: > >> yes try "ssh admin@hostname" but do not work > >> ====log secure-==== > >> > >> Feb 9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication > >> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 > user=admin > >> Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication > >> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 > user=admin > >> Feb 9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access > denied for > >> user admin: 6 (Permission denied) > >> Feb 9 15:42:20 ipasrv sshd[13414]: Failed password for admin from > >> 10.30.160.20 port 52123 ssh2 > >> Feb 9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin > by > >> PAM account configuration > >> > > > > Do you have HBAC rules? Does admin have the rights to log via SSH? > > If you changed the default rules it might be that admin is not allowed > to log > > via ssh. > > Good questions. Also note, that if for some special reasons, you do not > want to > make admins log in to your FreeIPA servers, you can always pass > --skip-conncheck to the replica and go straight to the installation, > skipping > the firewall check. > > Of course, no guarantees that the installation won't get stuck or crash > because > of closed ports in that case. > > Martin > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
