[Freeipa-users] vsftpd PAM setup problem

jcnt at use.startmail.com jcnt at use.startmail.com
Fri Sep 11 23:19:47 UTC 2015


Hi All,

I am using RHEL 7 with ipa server and vsftpd - no modifications to installed packages whatsoever.
Local users (listed in /etc/passwd) can log in using an ftp client, but ipa-defined users get login denied. Here is the snippet from /var/log/audit/audit.log:
type=USER_AUTH msg=audit(1442012213.988:24095): pid=27280 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=failed'

For a local account:
type=USER_AUTH msg=audit(1442012143.221:24056): pid=27173 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_listfile,pam_shells,pam_unix acct="jcnt" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=success'

The grantors value is missing when an ipa-defined user is processed ...

The admin user uses the default HBAC - all hosts, all services.

Identical behavior on a test system running CentOS 7.

I found a thread on a similar subject, https://www.redhat.com/archives/freeipa-users/2014-October/msg00479.html, but it seems not applicable; I haven't touched /tmp permissions/ownership.
--
Josh.
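
Added example (not part of the original post): a small Python parser for the two USER_AUTH records quoted above. For each service binary it reports which PAM modules were recorded as grantors and which accounts failed with none listed. The function names are illustrative, and reading "grantors=?" as "no module listed" is an assumption of this sketch.

```python
import re
from collections import defaultdict

# The two USER_AUTH records quoted in the post, copied verbatim.
SAMPLE = [
    """type=USER_AUTH msg=audit(1442012213.988:24095): pid=27280 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=failed'""",
    """type=USER_AUTH msg=audit(1442012143.221:24056): pid=27173 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_listfile,pam_shells,pam_unix acct="jcnt" exe="/usr/sbin/vsftpd" hostname=::ffff:192.168.1.11 addr=::ffff:192.168.1.11 terminal=ftp res=success'""",
]

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
INNER = re.compile(r"msg='(.*)'")            # the quoted PAM message
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value"

def parse_user_auth(line):
    """Return the PAM-related fields of one USER_AUTH record, or None."""
    head, inner = HEADER.search(line), INNER.search(line)
    if not head or head.group(1) != "USER_AUTH" or not inner:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(inner.group(1))}
    grantors = fields.get("grantors", "?")
    return {
        "serial": int(head.group(3)),
        "op": fields.get("op"),
        "acct": fields.get("acct"),
        "exe": fields.get("exe"),
        "res": fields.get("res"),
        # Assumption: "?" (as in the failed record) means no module is listed.
        "grantors": [] if grantors == "?" else grantors.split(","),
    }

def summarize(lines):
    """Per service binary: modules seen as grantors, and failures with none."""
    seen, ungranted = defaultdict(set), defaultdict(list)
    for rec in filter(None, map(parse_user_auth, lines)):
        if rec["op"] != "PAM:authentication":
            continue
        seen[rec["exe"]].update(rec["grantors"])
        if rec["res"] == "failed" and not rec["grantors"]:
            ungranted[rec["exe"]].append(rec["acct"])
    return {exe: {"granting_modules": sorted(mods),
                  "failed_without_grantor": ungranted[exe]}
            for exe, mods in seen.items()}

if __name__ == "__main__":
    for exe, info in summarize(SAMPLE).items():
        print(exe, info)
```

Run against a full audit.log, the same summary shows at a glance which modules of a service's PAM stack ever appear as grantors and which accounts never match one.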



