Hi Matthew,

> Where should I start looking?

I would start by tailing the logs on the destination host while the user 
attempts to log in with the account that isn't working.  On an EL 7 host you can 
use 'journalctl -f', on EL 6 and older you can use 'tail -F /var/log/messages 

Are you certain this was just a forgotten password (in other words, was the 
user ever able to log in to this particular machine)?  Do you use any HBAC rules 
in your environment?



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
