thanks

On Mon, Feb 9, 2015 at 6:42 PM, Martin Kosek <mko...@redhat.com> wrote:

> On 02/09/2015 03:31 PM, Dmitri Pal wrote:
> > On 02/09/2015 08:34 AM, alireza baghery wrote:
> >> yes try "ssh admin@hostname" but do not work
> >> ====log secure-====
> >>
> >> Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication
> >> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20
> user=admin
> >> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication
> >> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20
> user=admin
> >> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access
> denied for
> >> user admin: 6 (Permission denied)
> >> Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from
> >> 10.30.160.20 port 52123 ssh2
> >> Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin
> by
> >> PAM account configuration
> >>
> >
> > Do you have HBAC rules? Does admin have the rights to log via SSH?
> > If you changed the default rules it might be that admin is not allowed
> to log
> > via ssh.
>
> Good questions. Also note, that if for some special reasons, you do not
> want to
> make admins log in to your FreeIPA servers, you can always pass
> --skip-conncheck to the replica and go straight to the installation,
> skipping
> the firewall check.
>
> Of course, no guarantees that the installation won't get stuck or crash
> because
> of closed ports in that case.
>
> Martin
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to