[Freeipa-users] User can't login via ssh from external

Joe Linoff jlinoff at tabula.com
Mon Jul 23 22:30:13 UTC 2012


Hi Rob:

Thank you for helping.

> Are you performing a login between steps 3 and 5? Otherwise all that
> does is add a member/memberof and then remove it. I don't see how this
> would affect anything.


Hmmm, good point. I think that I was probably doing a "kinit" between
steps 3 and 5 which would amount to the same thing, right?

Regards,

Joe

-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com] 
Sent: Monday, July 23, 2012 3:21 PM
To: Joe Linoff
Cc: sgallagh at redhat.com; dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] User can't login via ssh from external

Joe Linoff wrote:
> Hi Folks:
>
> I managed to get the user working doing the following (all from the
> CLI):
>
> 1. Deleted the user (ipa user-del new-user)
>
> 2. Re-added the user
>
> 3. Add the user to administrator groups.
>
> 4. Changed/set the password.
>
> 5. Removed the administrator privileges.
>
> 6. Attempt report ssh login.
>
> Steps 3 and 5 are a hack but I can demonstrate that /not/ doing them
> causes the strange login problem. I can also show that the HBAC rules
> are enforced properly after step 5 is run so this works for me. I just
> don't understand why it is necessary.

Are you performing a login between steps 3 and 5? Otherwise all that
does is add a member/memberof and then remove it. I don't see how this
would affect anything.

rob

> Thank you for all of your help and suggestions.
>
> Regards,
>
> Joe
>
> *From:* Joe Linoff
> *Sent:* Monday, July 23, 2012 1:51 PM
> *To:* sgallagh at redhat.com; dpal at redhat.com
> *Cc:* freeipa-users at redhat.com; Joe Linoff
> *Subject:* Re: [Freeipa-users] User can't login via ssh from external
>
> Hi Stephen and Dmitri:
>
> Thank you for the sshd GSSAPI configuration suggestion. I tried it 
> this morning but it didn't work. That particular user is still not 
> able to login. What is even more interesting is that I created a user 
> with the identical setup and the new user worked (i.e., they were able
> to ssh in remotely).
>
> I am really confused by this because it does not appear to be a global
> setup issue like ssh. It may be some sort of HBAC rule violation or
> something else equally strange. I just can't figure it out.
>
> Can you suggest any other ways to troubleshoot this?
>
>
> Thanks,
>
> Joe