AD trust - users are in AD. HBAC rule in place for client to allow a user to login/ssh/su/etc.

This seems to have happened a couple times now, and again today after rebooting the IPA server. sssd was denying the user to ssh into the client by pam rules. Logged on to the IPA server and disabled and then re-enabled the HBAC rule for the client and then was able to log back in again. Has anyone else seen this before?

client sssd_pam just went from:

(Thu Sep 29 19:30:40 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [6]: Permission denied.


(Thu Sep 29 19:37:04 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.

so I assume I'll need to collect debug logs from sssd on the server next time.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane        
Boulder, CO 80301    
