Re: [Freeipa-users] proftpd with ipa

2015-11-19 Thread Rob Crittenden 
patrickcprove...@eaton.com wrote:
> I don't have that one enabled.  I have use one that allows only my Unix 
> admins to have access to all systems.

Ok, I'd start with typical SSSD troubleshooting then:
https://fedorahosted.org/sssd/wiki/Troubleshooting

rob

> 
> -Original Message-
> From: Rob Crittenden [mailto:rcrit...@redhat.com] 
> Sent: Thursday, November 19, 2015 10:51 AM
> To: Provenzo, Patrick C; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] proftpd with ipa
> 
> patrickcprove...@eaton.com wrote:
>> I cannot get proftpd to authenticate with IPA.  I received the 
>> following messages in /var/log/secure
>>
>>  
>>
>> proftpd[21477]: 151.##.##.## (151.#.##.##[151.##.##.##]) - USER
>> e0026887: no such user found from 151.##.##.## [151.##.##.##] to 
>> 151.##.##.##
>>
> 
> Just throwing this out there, but what HBAC rules do you have? Do you still 
> have the allow_all rule enabled?
> 
> rob
> 
>>  
>>
>> Here are all the versions I have installed
>>
>>  
>>
>> RHEL - 6.7
>>
>> IPA - 3.0.0-47.el6
>>
>> proftpd.x86_64  1.3.3g-4.el6 
>>
>> proftpd-ldap.x86_64 1.3.3g-4.el6
>>
>>  
>>
>> I have attached my proftpd.conf file also.
>>
>>  
>>
>> Patrick Provenzo
>>
>> www.eaton.com <http://www.eaton.com/>
>>
>> Specialist.IT.EIS-E.Design & Engineering**
>>
>> patrickcprove...@eaton.com
>>
>>  
>>
>>
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] proftpd with ipa

2015-11-19 Thread Rob Crittenden 
patrickcprove...@eaton.com wrote:
> I cannot get proftpd to authenticate with IPA.  I received the following
> messages in /var/log/secure
> 
>  
> 
> proftpd[21477]: 151.##.##.## (151.#.##.##[151.##.##.##]) - USER
> e0026887: no such user found from 151.##.##.## [151.##.##.##] to
> 151.##.##.##
> 

Just throwing this out there, but what HBAC rules do you have? Do you
still have the allow_all rule enabled?

rob

>  
> 
> Here are all the versions I have installed
> 
>  
> 
> RHEL – 6.7
> 
> IPA - 3.0.0-47.el6
> 
> proftpd.x86_64  1.3.3g-4.el6 
> 
> proftpd-ldap.x86_64 1.3.3g-4.el6
> 
>  
> 
> I have attached my proftpd.conf file also.
> 
>  
> 
> Patrick Provenzo
> 
> www.eaton.com 
> 
> Specialist.IT.EIS-E.Design & Engineering**
> 
> patrickcprove...@eaton.com
> 
>  
> 
> 
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] proftpd with ipa

2015-11-19 Thread Jakub Hrozek 
On Thu, Nov 19, 2015 at 11:32:32AM -0500, Rob Crittenden wrote:
> patrickcprove...@eaton.com wrote:
> > I don't have that one enabled.  I have use one that allows only my Unix 
> > admins to have access to all systems.
> 
> Ok, I'd start with typical SSSD troubleshooting then:
> https://fedorahosted.org/sssd/wiki/Troubleshooting
> 
> rob

In addition the proftpd message says "no such user", can you resolve the
user on the proftpd server with 'getent passwd $username' ?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project