server:
ipa-server-4.2.0-15.sl7_2.19.x86_64
sssd-1.13.0-40.el7_2.12.x86_64
client:
sssd-1.14.1-3.el7.centos.x86_64
AD trust - users are in AD. HBAC rule in place for client to allow a
user to login/ssh/su/etc.
This seems to have happened a couple times now, and again today after
rebooting the IPA server. sssd was denying the user to ssh into the
client by pam rules. Logged on to the IPA server and disabled and then
re-enabled the HBAC rule for the client and then was able to log back in
again. Has anyone else seen this before?
client sssd_pam just went from:
(Thu Sep 29 19:30:40 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [6]: Permission denied.
to
(Thu Sep 29 19:37:04 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
so I assume I'll need to collect debug logs from sssd on the server next
time.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane or...@cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com