[Freeipa-users] error install replication

Martin Kosek mkosek at redhat.com
Mon Feb 9 15:12:33 UTC 2015


On 02/09/2015 03:31 PM, Dmitri Pal wrote:
> On 02/09/2015 08:34 AM, alireza baghery wrote:
>> Yes, I tried "ssh admin at hostname", but it does not work.
>> ====log secure-====
>>
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20  user=admin
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication
>> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for
>> user admin: 6 (Permission denied)
>> Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from
>> 10.30.160.20 port 52123 ssh2
>> Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by
>> PAM account configuration
>>
> 
> Do you have HBAC rules? Does admin have the rights to log in via SSH?
> If you changed the default rules, it might be that admin is not allowed to log
> in via SSH.

Good questions. Also note that if, for some special reasons, you do not want to
make admins log in to your FreeIPA servers, you can always pass
--skip-conncheck to the replica and go straight to the installation, skipping
the firewall check.

Of course, no guarantees that the installation won't get stuck or crash because
of closed ports in that case.

Martin
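
An added example, not part of the original thread: a small triage script that reads sshd PAM lines like the ones quoted above and reports whether a login failed at authentication or at the account (access control) phase, which is the case the HBAC question is about. The function name `triage` and the verdict strings are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the first five lines are the log quoted above with the mail
# line-wrapping undone; the last two lines are constructed for contrast.
SAMPLE = """\
Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20  user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)
Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 10.30.160.20 port 52123 ssh2
Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by PAM account configuration
Feb  9 15:50:01 ipasrv sshd[20001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.7  user=bob
Feb  9 15:50:01 ipasrv sshd[20001]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.7 user=bob
"""

PAM = re.compile(r"sshd\[(\d+)\]: (pam_\w+)\(sshd:(auth|account)\): (.*)")
USER = re.compile(r"\buser[= ](\w+)")  # \b keeps "ruser=" from matching

def triage(log_text):
    """Return {(sshd_pid, user): verdict} built from the PAM lines only."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        m = PAM.search(line)
        if not m:
            continue  # non-PAM sshd lines (e.g. "Failed password") are skipped
        pid, module, phase, msg = m.groups()
        u = USER.search(msg)
        if not u:
            continue
        if phase == "auth":
            outcome = "ok" if "authentication success" in msg else "fail"
        else:
            outcome = "denied" if "Access denied" in msg else "ok"
        events[(pid, u.group(1))].add((module, phase, outcome))
    verdicts = {}
    for key, seen in events.items():
        if ("pam_sss", "account", "denied") in seen:
            # Credentials were fine; the access-control phase refused the login.
            verdicts[key] = "authorization (check HBAC rules)"
        elif any(p == "auth" and o == "ok" for _, p, o in seen):
            verdicts[key] = "authenticated"
        else:
            verdicts[key] = "authentication (bad credentials)"
    return verdicts
```

The pam_unix failure alone is not conclusive for a directory user, which is why the script keys on the pam_sss lines.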
