On Fri, Sep 11, 2015 at 07:19:47PM -0400, [email protected] wrote: > Hi All, > > I am using RHEL 7 with ipa server and vsftpd - no modifications to installed > packages whatsoever. > Local users (listed in /etc/passwd) can login using ftp client but ipa > defined users get login denied. Here is the snippet from > /var/log/audit/audit.log > type=USER_AUTH msg=audit(1442012213.988:24095): pid=27280 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 > msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/vsftpd" > hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=failed' > > for local account: > type=USER_AUTH msg=audit(1442012143.221:24056): pid=27173 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 > msg='op=PAM:authentication grantors=pam_listfile,pam_shells,pam_unix > acct="jcnt" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 > addr=::ffff:192.168.1.11 terminal=ftp res=success' > > Grantors value is missing when ipa defined user is processed ... > > admin user uses default HBAC - all hosts all services. > > Identical behavior on a test system running CentOS 7. > > I found similar subject thread > https://www.redhat.com/archives/freeipa-users/2014-October/msg00479.html but > seems not applicable, I haven't touched /tmp permissions/ownership.
Is there anything for /var/log/secure for vsftpd ? I would look for messages from pam_sss.so -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
