Hi, This is one odd issue?! Red Hat Enterprise Linux 7.1
#Server Side Red Hat Enterprise Linux Server release 7.1 (Maipo) ipa-server-4.1.0-18.el7_1.3.x86_64 #Client side Fedora release 21 (Twenty One) * freeipa-client-4.1.4-1.fc21.x86_64 * sssd-client-1.12.4-3.fc21.x86_64 Issue: User cannot login to their PC Error: /var/log/secure Jun 23 17:08:48 johnpc sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=john Jun 23 17:08:48 johnpc sshd[3591]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=john Jun 23 17:08:48 johnpc sshd[3591]: pam_sss(sshd:auth): received for user john: 7 (Authentication failure) However: 1. Kerberous works; kinit john john@johnpc /etc/pam.d> klist Ticket cache: KEYRING:persistent:365:365 Default principal: j...@example.exampleaus.com.au Valid starting Expires Service principal 23/06/15 16:49:30 24/06/15 16:49:28 krbtgt/example.exampleaus.com...@example.exampleaus.com.au 2. LDAP works; john@johnpc ~> getent passwd john john:x:365:132::/home/john:/bin/bash 3. ssh to IPA server works with a password (so not relying on the kerberous ticket); john@erio ~> ssh john@sysvm-ipa1 john@sysvm-ipa1's password: Last login: Tue Jun 23 16:50:02 2015 from johnpc.example.exampleaus.com.au Any advice would be greatly appreciated? Regards, Craig -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project