Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Jakub Hrozek
On Wed, Apr 10, 2013 at 02:49:46PM -0400, Shawn wrote:
> Yep, sure does. Thanks much.
>
> If selinux is disabled, why does it care?
>

It's an SSSD bug: https://bugzilla.redhat.com/show_bug.cgi?id=914433

We didn't realize that SELinux disabled might mean that the directory is not there at all. L

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Shawn
Yep, sure does. Thanks much.

If selinux is disabled, why does it care?

On Wed, Apr 10, 2013 at 2:37 PM, Jakub Hrozek wrote:
> On Wed, Apr 10, 2013 at 02:34:06PM -0400, Shawn wrote:
> > [root@freeclient1 sssd]# sestatus
> > SELinux status: disabled
> > [root@freeclient1 sssd]#

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Jakub Hrozek
On Wed, Apr 10, 2013 at 02:34:06PM -0400, Shawn wrote:
> [root@freeclient1 sssd]# sestatus
> SELinux status: disabled
> [root@freeclient1 sssd]# ls -ldZ /etc/selinux/
> drwxr-xr-x root root ?/etc/selinux/
> [root@freeclient1 sssd]#

I take it there is

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Shawn
[root@freeclient1 sssd]# sestatus
SELinux status: disabled
[root@freeclient1 sssd]# ls -ldZ /etc/selinux/
drwxr-xr-x root root ?/etc/selinux/
[root@freeclient1 sssd]#

On Wed, Apr 10, 2013 at 2:31 PM, Jakub Hrozek wrote:
> On Wed, Apr 10, 2013 at

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Jakub Hrozek
On Wed, Apr 10, 2013 at 02:27:36PM -0400, Shawn wrote:
> (Wed Apr 10 14:22:45 2013) [sssd[pam]] [write_selinux_login_file] (0x0040):
> creating the temp file for SELinux data failed.
> /etc/selinux/targeted/logins/staajtlQ108(Wed Apr 10 14:22:45 2013)
> [sssd[pam]] [pam_reply] (0x0100): blen: 30

I

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Shawn
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'staaj' matched without domain, user is staaj
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Wed Apr 10 14:22:45 2013) [sssd[pam]] [pam_print_data] (0x010

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Jakub Hrozek
On Wed, Apr 10, 2013 at 02:11:14PM -0400, Rob Crittenden wrote:
> Shawn wrote:
> >[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
> >
> >Access granted: True
> >
> > Matched rules: allow_all
> >[root@freeipa ~]#
> >
> >
> >└─> ss

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Rob Crittenden
Shawn wrote:
[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
Access granted: True
Matched rules: allow_all
[root@freeipa ~]#
└─> ssh myus...@ec2-54-xxx.xxx.compute-1.amazonaws.com

Re: [Freeipa-users] Issues after setup

2013-04-10 Thread Shawn
[root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
Access granted: True
Matched rules: allow_all
[root@freeipa ~]#
└─> ssh myus...@ec2-54-xxx.xxx.compute-1.amazonaws.com -i /home/user/.ssh/key
Connection closed by 54x.x.x.x (cl

Re: [Freeipa-users] Issues after setup

2013-04-04 Thread KodaK
Run an hbactest:

ipa hbactest --user=youruser --host=fqdn.of.host --service=sshd

Make sure that works; if it does, then you can move on to troubleshooting the host itself.

On Thu, Apr 4, 2013 at 2:27 PM, Shawn wrote:
> Hi,
>
> I have configured an ipa-server, replica and client.
>
> In the GUI

Re: [Freeipa-users] Issues after setup

2013-04-04 Thread Jakub Hrozek
On Thu, Apr 04, 2013 at 03:27:37PM -0400, Shawn wrote:
> Hi,
>
> I have configured an ipa-server, replica and client.
>
> In the GUI I can see that all hosts are in the "hosts" list. I have
> created a single user as well and attached that user to the client.
>
> When trying to log in as the user

Re: [Freeipa-users] Issues after setup

2013-04-04 Thread Rob Crittenden
Shawn wrote:
Hi,

I have configured an ipa-server, replica and client.

In the GUI I can see that all hosts are in the "hosts" list. I have created a single user as well and attached that user to the client.

When trying to log in as the user to the client, I see this in the secure.log.

fatal: Ac

Re: [Freeipa-users] Issues after setup

2013-04-04 Thread Shawn
Rob,

Nope, that's still enabled.

On Thu, Apr 4, 2013 at 4:50 PM, Rob Crittenden wrote:
> Shawn wrote:
>
>> Hi,
>>
>> I have configured an ipa-server, replica and client.
>>
>> In the GUI I can see that all hosts are in the "hosts" list. I have
>> created a single user as well and attached that

Re: [Freeipa-users] Issues after setup

2013-04-04 Thread Shawn
I am able to log in to my replica and master with users no problem, just having issues with clients.

On Thu, Apr 4, 2013 at 3:27 PM, Shawn wrote:
> Hi,
>
> I have configured an ipa-server, replica and client.
>
> In the GUI I can see that all hosts are in the "hosts" list. I have
> created a si

[Freeipa-users] Issues after setup

2013-04-04 Thread Shawn
Hi,

I have configured an ipa-server, replica and client.

In the GUI I can see that all hosts are in the "hosts" list. I have created a single user as well and attached that user to the client.

When trying to log in as the user to the client, I see this in the secure.log.

fatal: Access denied for