[Freeipa-users] Issues after setup

Rob Crittenden rcritten at redhat.com
Wed Apr 10 18:11:14 UTC 2013


Shawn wrote:
> [root@freeipa ~]# ipa hbactest --user=myuser --host=my.fqdn. --service=sshd
> --------------------
> Access granted: True
> --------------------
>    Matched rules: allow_all
> [root@freeipa ~]#
>
>
> └─> ssh myuserj@ec2-54-xxx.xxx.compute-1.amazonaws.com -i /home/user/.ssh/key
> Connection closed by 54x.x.x.x
>
> (client server logs)
> Apr 10 13:59:04 ip-10-152-174-17 sshd[22868]: pam_sss(sshd:account):
> Access denied for user myuser: 4 (System error)
> Apr 10 13:59:04 ip-10-152-174-17 sshd[22872]: fatal: Access denied for
> user client by PAM account configuration
>
>
> (client ipa versions)
> ipa-admintools-3.0.0-26.el6_4.2.x86_64
> ipa-client-3.0.0-26.el6_4.2.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
>
>
> (master ipa versions)
> [root@freeipa ~]# rpm -qa |grep ipa-
>
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-client-3.0.0-26.el6_4.2.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> ipa-admintools-3.0.0-26.el6_4.2.x86_64
> ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
> ipa-server-3.0.0-26.el6_4.2.x86_64
> [root@freeipa ~]#

An error is occurring somewhere, which is why access is denied. This
isn't HBAC; that looks like:

pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)

You need to crank up debugging in sssd and see what its logs say.

rob
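
Added example, not part of the original message: a small triage script that separates the two `pam_sss` account results contrasted in this thread, code 6 (a policy denial such as HBAC) and code 4 (an SSSD-side failure). The sample log lines are constructed from the ones quoted above (unwrapped, with an invented timestamp and PID for the code 6 line), and the names `classify` and `triage` are hypothetical.

```python
import re

# pam_sss account-phase denial, in the shape sshd logs it in the thread above.
DENIAL = re.compile(
    r"pam_sss\((?P<service>[^:)]+):account\): "
    r"Access denied for user (?P<user>[^\s:]+): "
    r"(?P<code>\d+) \((?P<text>[^)]*)\)"
)

# Linux-PAM return codes that matter here: 4 = PAM_SYSTEM_ERR, 6 = PAM_PERM_DENIED.
HINTS = {
    6: ("policy", "access control refused the login; check HBAC rules with ipa hbactest"),
    4: ("error", "SSSD failed while evaluating access; raise debug_level in "
                 "sssd.conf and read the logs under /var/log/sssd/"),
}

def classify(line):
    """Return a dict describing a pam_sss account denial, or None if no match."""
    m = DENIAL.search(line)
    if m is None:
        return None
    code = int(m.group("code"))
    kind, hint = HINTS.get(code, ("other", "unmapped PAM code; consult the SSSD logs"))
    return {"service": m.group("service"), "user": m.group("user"),
            "code": code, "kind": kind, "hint": hint}

def triage(lines):
    """Classify every matching line; non-pam_sss lines are skipped."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample input (see lead-in).
SAMPLE = [
    "Apr 10 13:59:04 ip-10-152-174-17 sshd[22868]: pam_sss(sshd:account): "
    "Access denied for user myuser: 4 (System error)",
    "Apr 10 13:59:04 ip-10-152-174-17 sshd[22872]: fatal: Access denied for "
    "user client by PAM account configuration",
    "Apr 10 14:02:11 ip-10-152-174-17 sshd[22901]: pam_sss(sshd:account): "
    "Access denied for user admin: 6 (Permission denied)",
]

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['user']}: code {r['code']} [{r['kind']}] -> {r['hint']}")
```
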