> In standard FreeIPA setup we have 'allow_all' HBAC rule which roughly
> states "anyone can access any service on any host". Did you disable this
> rule?
>
> If yes, then you have to have an explicit rules allowing access to specific
> services.
Thanks! Yes, that was it exactly. I did disable th
On Wed, 18 Mar 2015, Guertin, David S. wrote:
I've almost got AD integration going, except for the minor detail that no one
can log in. When an AD user tries to SSH in to the IPA server, /var/log/secure
shows:
--
Mar 18 13:59:08 genet sshd[21335]: pam_
I've almost got AD integration going, except for the minor detail that no one
can log in. When an AD user tries to SSH in to the IPA server, /var/log/secure
shows:
--
Mar 18 13:59:08 genet sshd[21335]: pam_unix(sshd:auth): authentication failure;
lognam