[Freeipa-users] Unable to login where previously OK
Jakub Hrozek
jhrozek at redhat.com
Thu Apr 12 07:47:58 UTC 2012
On Thu, Apr 12, 2012 at 04:09:20AM +0000, Steven Jones wrote:
> Hi,
>
> I have a user, myself that used to be able to login to a specific IPA client / host but I am no longer able to....
>
> The /var/log/secure log appears to be telling me my password is wrong, so I reset it in IPA, but on initial login I cant put in the temp password and then reset it....I still get denied. I am also having a similar problem for a new user....
>
> So I went to another client/host and I can login and set a new password...so IPA looks to be OK....so its either a rule or the client/host is broken....
>
> next I went into the allow_all HBAC policy and turned it back on but I am still denied.....
>
> So where do I look for a specific failure msg to tell me the issue? I assume its the host/client side....
>
Can you paste what /var/log/secure or /var/log/messages had to say? If
there is nothing to trace the error with, can you enable debugging(*) in SSSD
and paste the relevant contents of the SSSD log?
(*) put debug_level=6 or higher into the [domain/*] section of the SSSD,
service sssd restart, retry the login
More information about the Freeipa-users
mailing list