[Freeipa-users] User can't login via ssh from external

[Joe Linoff]

Hi Folks:

 

I managed to get the user working doing the following (all from the
CLI):

 

1.       Deleted the user (ipa user-del new-user)

2.       Re-added the user

3.       Add the user to administrator groups.

4.       Changed/set the password.

5.       Removed the administrator privileges.

6.       Attempt report ssh login.

 

Steps 3 and 5 are a hack but I can demonstrate that not doing them
causes the strange login problem. I can also show that the HBAC rules
are enforced properly after step 5 is run so this works for me. I just
don't understand why it is necessary.

 

Thank you for all of your help and suggestions.

 

Regards,

 

Joe

 

From: Joe Linoff 
Sent: Monday, July 23, 2012 1:51 PM
To: sgallagh at redhat.com; dpal at redhat.com
Cc: freeipa-users at redhat.com; Joe Linoff
Subject: Re: [Freeipa-users] User can't login via ssh from external

 

Hi Stephen and Dmitri:

 

Thank you for the sshd GSSAPI configuration suggestion. I tried it this
morning but it didn't work. That particular user is still not able to
login. What is even more interesting is that I created a user with the
identical setup and the new user worked (i.e., they were able to ssh in
remotely). 

 

I am really confused by this because it does not appear to be a global
setup issue like ssh. It may be some sort of HBAC rule violation or
something else equally strange. I just can't figure it out.

 

Can you suggest any other ways to troubleshoot this?


Thanks,

 

Joe

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120723/1d0e0be5/attachment.htm>