On Fri, Sep 11, 2015 at 07:19:47PM -0400, j...@use.startmail.com wrote:
> Hi All,
> 
> I am using RHEL 7 with ipa server and vsftpd - no modifications to installed 
> packages whatsoever.
> Local users (listed in /etc/passwd) can log in using the ftp client, but ipa 
> defined users get login denied. Here is the snippet from 
> /var/log/audit/audit.log:
> type=USER_AUTH msg=audit(1442012213.988:24095): pid=27280 uid=0 
> auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 
> msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/vsftpd" 
> hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=failed'
> 
> for local account:
> type=USER_AUTH msg=audit(1442012143.221:24056): pid=27173 uid=0 
> auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 
> msg='op=PAM:authentication grantors=pam_listfile,pam_shells,pam_unix 
> acct="jcnt" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 
> addr=::ffff:192.168.1.11 terminal=ftp res=success'
> 
> Grantors value is missing when ipa defined user is processed ...
> 
> admin user uses default HBAC - all hosts all services.
> 
> Identical behavior on a test system running CentOS 7.
> 
> I found a thread on a similar subject, 
> https://www.redhat.com/archives/freeipa-users/2014-October/msg00479.html, but 
> it seems not applicable; I haven't touched /tmp permissions/ownership.

Is there anything in /var/log/secure for vsftpd? I would look for
messages from pam_sss.so
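
The two audit records quoted above can be compared mechanically. The following is an added example, not part of either message: it parses USER_AUTH records, lists which PAM modules each one names as grantors, and reports whether pam_sss appears among them. The function names are hypothetical, and the sample is the thread's two records re-joined onto single lines.

```python
import re

# The two USER_AUTH records quoted in the thread, re-joined onto single lines.
SAMPLE = """\
type=USER_AUTH msg=audit(1442012213.988:24095): pid=27280 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=failed'
type=USER_AUTH msg=audit(1442012143.221:24056): pid=27173 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_listfile,pam_shells,pam_unix acct="jcnt" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=success'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
PAYLOAD = re.compile(r"msg='([^']*)'")           # the PAM-supplied part of the record
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value, value optionally quoted


def parse_user_auth(line):
    """Return a dict for a USER_AUTH record, or None for any other line."""
    head = HEADER.match(line)
    body = PAYLOAD.search(line)
    if not head or head.group(1) != "USER_AUTH" or not body:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(body.group(1))}
    grantors = fields.get("grantors", "?")
    return {
        "serial": int(head.group(3)),
        "acct": fields.get("acct"),
        "exe": fields.get("exe"),
        "result": fields.get("res"),
        # "?" is what the record shows when no module is listed as a grantor
        "grantors": [] if grantors == "?" else grantors.split(","),
    }


def summarize(text, exe="/usr/sbin/vsftpd"):
    """Return (records for one service, sorted modules seen as grantors)."""
    records = [r for r in map(parse_user_auth, text.splitlines()) if r]
    records = [r for r in records if r["exe"] == exe]
    seen = sorted({m for r in records for m in r["grantors"]})
    return records, seen


if __name__ == "__main__":
    records, seen = summarize(SAMPLE)
    for r in records:
        print(r["serial"], r["acct"], r["result"], ",".join(r["grantors"]) or "(none)")
    print("modules that granted:", ", ".join(seen))
    print("pam_sss seen granting:", "pam_sss" in seen)
```
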
