hbac seems to be fine
ipa hbactest --user=q-temp --host=x.x.x.x --service=sshd -------------------- Access granted: True -------------------- Matched rules: allow_all I see this in the sssd.log (Mon Feb 15 04:49:18 2016) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/xyz.com/q-temp] (Mon Feb 15 04:49:18 2016) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]] (Mon Feb 15 04:49:18 2016) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. (Mon Feb 15 04:49:18 2016) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [[email protected]] (Mon Feb 15 04:49:18 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Mon Feb 15 04:49:18 2016) [sssd[nss]] [client_destructor] (0x2000): Terminated client [0x23d2f80][20] (Mon Feb 15 04:49:27 2016) [sssd[nss]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit On Sat, Feb 13, 2016 at 4:41 PM, Jakub Hrozek <[email protected]> wrote: > On Sat, Feb 13, 2016 at 07:38:16AM +0530, Rakesh Rajasekharan wrote: > > I started up with freeipa and setup a server and a client > > > > > > Now when I add a user and try logging in, > > It successfully prompts for the password change and completes setting up > > the new password. > > > > However, when I gain try to login with the new password, it gives me the > > below error > > > > "Connection closed by UNKNOWN" > > > > In /var/log/secure , I see this > > > > fatal: Access denied for user t-temp by PAM account configuration. > > > > Any pointers, what I would have done wrong in the setup or if I would > have > > missed something. > > I would guess HBAC if that message comes from pam_sss. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
