[Freeipa-users] Trying to trace why a user cannot login to a client
Jakub Hrozek
jhrozek at redhat.com
Tue May 8 13:03:42 UTC 2012
On Tue, May 01, 2012 at 10:12:48PM +0000, Steven Jones wrote:
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
The logs only say "[ipa_hbac_evaluate_rules] (3): Access granted by HBAC rule
[desktop-admins-test]". The error must be elsewhere, can you also attach
or paste what does the /var/log/secure and /var/log/sssd/sssd_pam.log
files have to say when the System Error occurs?
Does the System Error occur with both 6.2 and 6.3 packages?
> Does by any chance your sssd.conf include a debug_level directive in the
> [sssd] section and not in the others?
>
> I think that was a case that only worked by accident and we removed it
> in 1.7
>
> The "fix" is to specify debug_level in all the sections you'd like to
> print debug information from. In your case, that would be the [domain/*]
> section and perhaps the [pam] section.
>
Did you have a chance to take a look at the debug logging?
More information about the Freeipa-users
mailing list