[Freeipa-users] SSSD/SSH authentication issues on some hosts
Ryan Cunningham
ryan.cunningham.xyzzy at gmail.com
Sun Jun 2 19:49:02 UTC 2013
Hello,
I've been evaluating FreeIPA in a lab environment prior to possibly rolling
it out in our enterprise but have been having issues with a few hosts
rejecting SSH logins for users authenticated against the FreeIPA server via
SSSD.
All systems are running CentOS 6.4 with FreeIPA client/server 3.0.0
installed from the base repo. The default RBAC rule to allow all users
access to all hosts is in effect, the only Kerberos/LDAP/SSSD/PAM
configuration changes that have been made on client machines (apart from
enabling debug logging) were done with `ipa-client-install --mkhomedir`.
I enabled debug logging for SSSD and have included relevant bits from the
log files here:
https://gist.github.com/arg0sy/5694537
I can get a Kerberos ticket for the admin user on the ovz2 host and connect
ssh into the test host as the admin user afterward without any problems.
I assume that there's something I'm missing, but I haven't had much luck
Googling, any insight into the issue anyone could provide would be very
welcome.
Best Regards,
Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130602/fdb369bb/attachment.htm>
More information about the Freeipa-users
mailing list