Hi I'm unable to login via ssh to an ipa client or server as the admin user or a new user. This a new installation of the ipa server and clients. I've saved some of the error messages: I created a test user (tuser). I was able to su - tuser successfully. I was not able to ssh to the master ipa server or any of the clients. Below I have some information from the sssd log, the command ipa hbactest, and the secure log. If you need any other info please let me know.
Thanks Jeff sssd_<domainname>.log sh tuser@pcs1dc01 Mar 16 12:39:53 pcs1dc01 authpriv.info sshd[30792]: Set /proc/self/oom_score_adj to 0 Mar 16 12:39:53 pcs1dc01 authpriv.info sshd[30792]: Connection from 10.109.4.20 port 60969 Mar 16 12:39:53 pcs1dc01 authpriv.info sshd[30792]: Failed publickey for tuser from 10.109.4.20 port 60969 ssh2 Password: Mar 16 12:39:53 pcs1dc01 authpriv.info sshd[30793]: Postponed keyboard-interactive for tuser from 10.109.4.20 port 60969 ssh2 Mar 16 12:40:57 pcs1dc01 authpriv.notice sshd[30795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.109.4.20 user=tuser Mar 16 12:40:57 pcs1dc01 authpriv.info sshd[30795]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.109.4.20 user=tuser Mar 16 12:40:57 pcs1dc01 authpriv.notice sshd[30795]: pam_sss(sshd:account): Access denied for user tuser: 6 (Permission denied) Mar 16 12:40:57 pcs1dc01 authpriv.err sshd[30792]: error: PAM: User account has expired for tuser from 10.109.4.20 Mar 16 12:40:57 pcs1dc01 authpriv.info sshd[30792]: Failed keyboard-interactive/pam for tuser from 10.109.4.20 port 60969 ssh2 Received disconnect from UNKNOWN: 2: Too many authentication failures for tuser Mar 16 12:40:57 pcs1dc01 authpriv.info sshd[30793]: Disconnecting: Too many authentication failures for tuse Command: ipa hbactest User name: tuser Target host: <server> Service: ssh --------------------- Access granted: False --------------------- Not matched rules: GUI_ACCESS Not matched rules: SSH_ACCESS Secure log Mar 16 12:29:55 authpriv.notice sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= <ip-address> user=tuser Mar 16 12:29:56 authpriv.info sshd[30697]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=<ip-address> user=tuser Mar 16 12:29:56 authpriv.notice sshd[30697]: pam_sss(sshd:account): Access denied for user tuser: 6 (Permission denied) Mar 16 12:29:56 authpriv.err sshd[30694]: error: PAM: User account has expired for tuser from 10.109.4.20 Mar 16 12:29:56 authpriv.info sshd[30694]: Failed keyboard-interactive/pam for tuser from <ipaddress> port 60942 ssh2 Received disconnect from UNKNOWN: 2: Too many authentication failures for tuser Mar 16 12:29:56 authpriv.info sshd[30695]: Disconnecting: Too many authentication failures for tuser
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project