On (20/03/17 16:39), Alexander Bokovoy wrote:
>On Mon, 20 Mar 2017, Artem Golubev wrote:
>> Good day!
>> We use freeipa server 4.3.1, we usually grant access via ssh keys to linux
>> We currently face the following issue with access on certificate: when we
>> add a certificate to a user's account, the user is not able to log in via ssh.
>> How can we solve this problem? We would like to have a possibility to
>> access linux clients via ssh keys and access to other resources using
>You need to provide logs, obviously. Start with level 3 debug logs in
>sshd, and debug_level=9 in sssd. Also show the user's entry (as in 'ipa
>user-show --raw --all username').
>When you access SSH with ssh keys, SSSD is involved in account and
>session phases of PAM authentication. This means either the user does not
>exist to sshd (it would then not exist at the system level at all) or
>something prevents the session phase from succeeding. In the session phase SSSD
>does verify HBAC rules, for example.
>See https://fedorahosted.org/sssd/wiki/Troubleshooting for
The most important thing is to know the version of sssd,
because one related bug is already fixed.