On Sun, Feb 05, 2017 at 07:47:43PM +0530, Rakesh Rajasekharan wrote:
> Hi,
>
> I am running a freeipa server version 4.4.0 and have set up hbac rules which
> work fine
>
> However, just on one single host, I am seeing this issue wherein it is not
> allowing me ssh access.
> When I check my hbac permissions.. it says access granted but on trying to
> login.. it blocks me
>
> On the Freeipa server
> ipa hbactest --user=p-testhbac --host=<my-test-host> --service=sshd
>
> --------------------
> Access granted: True
> --------------------
> Matched rules: ipa-alluser-access
> Not matched rules: ipa-alluser-sudo-access
>
> On the client I get this message while doing an ssh "Connection closed by
> 10.0.30.28".
>
> In /var/log/secure I see these messages
> Feb 5 13:57:41 10 sshd[26692]: pam_sss(sshd:auth): authentication success;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.4.6 user=p-testhbac
> Feb 5 13:57:41 10 sshd[26692]: pam_sss(sshd:account): Access denied for
> user p-testhbac: 4 (System error)

If SSSD throws a System Error, you really need to look into SSSD's logs -- System Error is kind of an unhandled exception in SSSD's code.

> Feb 5 13:57:41 10 sshd[26692]: Failed password for p-testhbac from
> 10.0.4.6 port 40540 ssh2
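
The distinction drawn in the reply, as an added example that is not part of the original thread: a small triage script that reads `pam_sss` account-phase denials from `/var/log/secure`-style lines and separates code 4 (System error, an SSSD-internal failure) from code 6 (Permission denied, an access-control decision). The first session is the one quoted above with its wrapped lines rejoined; the second session (PID 26701, user `p-other`) is constructed for contrast, and the code numbers are the Linux-PAM values `PAM_SYSTEM_ERR` and `PAM_PERM_DENIED`.

```python
import re

# Sample input: session 26692 is the one quoted in the thread; session 26701
# (user p-other) is constructed here to show a real access-control denial.
SAMPLE = """\
Feb 5 13:57:41 10 sshd[26692]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.4.6 user=p-testhbac
Feb 5 13:57:41 10 sshd[26692]: pam_sss(sshd:account): Access denied for user p-testhbac: 4 (System error)
Feb 5 13:57:41 10 sshd[26692]: Failed password for p-testhbac from 10.0.4.6 port 40540 ssh2
Feb 5 14:02:10 10 sshd[26701]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.4.6 user=p-other
Feb 5 14:02:10 10 sshd[26701]: pam_sss(sshd:account): Access denied for user p-other: 6 (Permission denied)
"""

AUTH_OK = re.compile(
    r"sshd\[(\d+)\]: pam_sss\(sshd:auth\): authentication success;.*\buser=(\S+)")
DENIED = re.compile(
    r"sshd\[(\d+)\]: pam_sss\(sshd:account\): Access denied for user (\S+): (\d+) \((.+)\)")

# PAM return codes as defined by Linux-PAM.
PAM_SYSTEM_ERR, PAM_PERM_DENIED = 4, 6


def triage(log_text):
    """Return one finding per pam_sss account-phase denial in log_text."""
    authed = set()      # (pid, user) pairs whose auth phase succeeded
    findings = []
    for line in log_text.splitlines():
        if m := AUTH_OK.search(line):
            authed.add((m.group(1), m.group(2)))
        elif m := DENIED.search(line):
            pid, user, code = m.group(1), m.group(2), int(m.group(3))
            if code == PAM_SYSTEM_ERR:
                verdict = "internal SSSD failure: check SSSD logs, not HBAC rules"
            elif code == PAM_PERM_DENIED:
                verdict = "access-control denial: compare with ipa hbactest"
            else:
                verdict = "other PAM error: " + m.group(4)
            findings.append({"pid": pid, "user": user, "code": code,
                             "auth_succeeded": (pid, user) in authed,
                             "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
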
