> Why are both pam_ldap and pam_sss in the PAM stack? This seems a bit
> wrong..
This was the pointer... there was a prior installation of openldap and the
entries for ldap were still there ..
auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignor
On Mon, Feb 15, 2016 at 06:59:57PM +0530, Rakesh Rajasekharan wrote:
> this is what I have in /var/log/secure
>
> Feb 15 12:22:33 ipa-xyz sshd[13499]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
> Feb 15 12:22:33 ipa-xyz sshd[134
this is what I have in /var/log/secure
Feb 15 12:22:33 ipa-xyz sshd[13499]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
Feb 15 12:22:33 ipa-xyz sshd[13499]: pam_sss(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh
On Mon, Feb 15, 2016 at 10:24:23AM +0530, Rakesh Rajasekharan wrote:
> hbac seems to be fine
>
>
> ipa hbactest --user=q-temp --host=x.x.x.x --service=sshd
>
> Access granted: True
>
> Matched rules: allow_all
>
>
> I see this in the sssd.log
>
> (Mo
hbac seems to be fine
ipa hbactest --user=q-temp --host=x.x.x.x --service=sshd
Access granted: True
Matched rules: allow_all
I see this in the sssd.log
(Mon Feb 15 04:49:18 2016) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache fo
On Sat, Feb 13, 2016 at 07:38:16AM +0530, Rakesh Rajasekharan wrote:
> I started up with freeipa and set up a server and a client
>
>
> Now when I add a user and try logging in,
> It successfully prompts for the password change and completes setting up
> the new password.
>
> However, when I gain