[Freeipa-users] User can't login via ssh from external

[Joe Linoff]

Hi Steve:

 

Thank you for your suggestions. 

 

> In the gui you can do a hbac test of the rule.

 

I ran the hbactest rule testing from the command line using "ipa
hbactest ...". It showed that the rules were correct. Do you think that
the GUI might provide a different result?

 

 

> Also what are the UIDS?  IPA provided 32bit ones?  or your own?

 

The UID's were provided by IPA. Actually during testing I also provided
my own at one point but reverted back when that didn't seem to make a
difference. 

 

Can you explain why that might cause the problem? For example, would
duplicates break the system or are there ranges of UIDs that are not
legal? 

 

> I'd suggest re-setting that user's password and get them to login and
reset the password, that 

> works for me, it was a sign of bad/failed replication in my system I
think (now fixed).

 

I tried that using kpasswd and "ipa passwd" to change the password but
neither solved the problem. In both cases I was able to run "kinit
new-user" and set the credentials using the new password but new-user
could not ssh in.

It was a really strange problem. It looks like something got out of sync
but I could not (and cannot) figure out where. It is doubly difficult
because removing and re-adding the user worked. In addition, adding
other users worked.

 

Regards,

 

Joe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120723/56039be5/attachment.htm>