hbac seems to be fine

ipa hbactest --user=q-temp --host=x.x.x.x --service=sshd
--------------------
Access granted: True
--------------------
  Matched rules: allow_all


I see this in the sssd.log

(Mon Feb 15 04:49:18 2016) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/xyz.com/q-temp]
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [q-t...@xyz.com]
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [q-t...@xyz.com]
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [client_destructor] (0x2000):
Terminated client [0x23d2f80][20]
(Mon Feb 15 04:49:27 2016) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit

On Sat, Feb 13, 2016 at 4:41 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Sat, Feb 13, 2016 at 07:38:16AM +0530, Rakesh Rajasekharan wrote:
> > I started up with freeipa and setup a server and a client
> >
> >
> > Now when I add a user and try logging in,
> > It successfully prompts for the password change and completes setting up
> > the new password.
> >
> > However, when I gain try to login with the new password, it gives me the
> > below error
> >
> > "Connection closed by UNKNOWN"
> >
> > In /var/log/secure , I see this
> >
> > fatal: Access denied for user t-temp by PAM account configuration.
> >
> > Any pointers, what I would have done wrong in the setup or if I would
> have
> > missed something.
>
> I would guess HBAC if that message comes from pam_sss.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to