[Freeipa-users] [Solaris 10] Cannot login through console or ssh with ipa users
Dmitri Pal
dpal at redhat.com
Wed Feb 25 23:58:31 UTC 2015
On 02/25/2015 04:37 PM, nathan at nathanpeters.com wrote:
>> It does not seem to recognize the user in the second attempt but the
>> first attempt seems to authenticate and then disconnect.
>> I do not see a trace from the accounting session but I suspect that your
>> pam stack does not authorize the authenticated user.
>> Try to allow all authenticated users first. This will prove that it is a
>> pam stack accounting phase configuration issue.
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
> How do I allow all authenticated users? In the freeIPA domain I have a
> rule 'allow_all' that allows any user to connect to any system on any
> service. This is working fine for linux clients.
>
> I assume you mean to do it on the Solaris machine? I don't have any users
> specifically blocked, ie, there is nothing in my sshd_config file that is
> limiting the users and groups that can login. Eg, I've got no
> 'AllowUsers' lines or anything like that. I've even got PermitRootLogin
> set to yes and have tested that root can login.
>
other account required pam_permit.so

and comment other pam modules in the section:

# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1 debug
other account required pam_unix_account.so.1 debug
#other account sufficient pam_ldap.so.1
other account required pam_krb5.so.1 debug

--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
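
Added example, not part of the original message or of the FreeIPA project: because the pam_permit.so line is a diagnostic step, this script resolves which account stack a service ends up with (its own entries, otherwise the "other" entries) and warns while pam_permit.so is still active there. The function names, the sshd and cron service names and the sample file are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: NOT from the original thread. Function names and the sample
# file are constructed for illustration.

# account_stack FILE SERVICE: print the active "account" lines SERVICE uses.
# Entries naming SERVICE win; otherwise the "other" entries apply.
account_stack() {
    awk -v svc="$2" '
        $1 ~ /^#/ || NF < 4 { next }    # skip comments and incomplete lines
        $2 != "account"     { next }
        $1 == svc           { own[++n] = $0 }
        $1 == "other"       { dflt[++m] = $0 }
        END {
            if (n) { for (i = 1; i <= n; i++) print own[i] }
            else   { for (i = 1; i <= m; i++) print dflt[i] }
        }' "$1"
}

# permit_active FILE SERVICE: succeed (exit 0) when pam_permit.so is in the
# effective account stack, i.e. every authenticated user is authorized.
permit_active() {
    account_stack "$1" "$2" |
        awk 'index($4, "pam_permit.so") { found = 1 } END { exit !found }'
}

# Constructed sample: pam.conf after the diagnostic change described above,
# plus a hypothetical cron entry that has its own account line.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
other account required pam_permit.so
#other account requisite pam_roles.so.1 debug
#other account required pam_unix_account.so.1 debug
#other account required pam_krb5.so.1 debug
cron account required pam_unix_account.so.1
EOF

for svc in sshd cron; do
    if permit_active "$SAMPLE" "$svc"; then
        echo "WARNING: $svc account phase authorizes every authenticated user"
    else
        echo "ok: $svc account phase does not use pam_permit.so"
    fi
done
```

Pointing the two functions at the real pam.conf instead of the sample shows whether the diagnostic line is still in effect once the original account modules have been restored.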