[Freeipa-users] AD users cannot log in: PAM permission denied
Guertin, David S.
guertin at middlebury.edu
Wed Mar 18 19:13:38 UTC 2015
> In a standard FreeIPA setup we have the 'allow_all' HBAC rule, which roughly
> states "anyone can access any service on any host". Did you disable this
> rule?
>
> If yes, then you have to have explicit rules allowing access to specific
> services.
Thanks! Yes, that was it exactly. I did disable the "allow all" rule on installation, but hadn't set up a specific rule allowing the appropriate group SSH access. I've added the rule, and everything is working as it should now. I'm a very happy sysadmin at the moment. :-)
David Guertin