[Freeipa-users] freeipa permission denied for user

Rakesh Rajasekharan rakesh.rajasekharan at gmail.com
Fri Feb 19 09:24:43 UTC 2016


>                ^^^^^^^^^^^^^^^^
>        This usually means critical error in sssd.
> Please provide log files (sssd_$domain.log and krb5_child.log)

I found this in my sssd-$domain.log

 [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user [tempuser] found

So, searching around, I found that the permissions for the /tmp directory
should be 777.

Setting it to 777 fixed the issue for me.



Thanks,
Rakesh



On Fri, Feb 19, 2016 at 1:08 PM, Lukas Slebodnik <lslebodn at redhat.com>
wrote:

> On (18/02/16 18:41), Rakesh Rajasekharan wrote:
> >I set up freeipa on our environment and it works perfectly for most of the
> >hosts, but on a few I am getting a permission denied.
> >
> >[root at ipa-client-1c :~] ssh tempuser at localhost
> >tempuser at localhost's password:
> >Permission denied, please try again.
> >tempuser at localhost's password:
> >
> >
> >
> >
> >I checked the hbac, but that seems to be fine
> >
> >root at ipa-master-test-1b ] ipa hbactest --user=tempuser --host=x.x.x.x --service=sshd
> >--------------------
> >Access granted: True
> >--------------------
> >  Matched rules: allow_all
> >
> >
> >Another thing I noticed is the nsswitch.conf had the below entries after
> >the freeipa installation
> >passwd:     files sss ldap
> >shadow:     files sss ldap
> >group:      files sss ldap
> >
> >hosts:      files dns
> >
> >
> >bootparams: nisplus [NOTFOUND=return] files
> >
> >ethers:     files
> >netmasks:   files
> >networks:   files
> >protocols:  files
> >rpc:        files
> >services:   files sss
> >
> >netgroup:   files sss ldap
> >
> >publickey:  nisplus
> >
> >automount:  files ldap
> >aliases:    files nisplus
> >
> >sudoers: files sss
> >
> >
> >The ldap shouldn't be there above, I guess.
> >
> >And from the logs, I have the below errors
> >
> >==> /var/log/secure <==
> >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_unix(sshd:auth): authentication
> >failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x  user=tempuser
> >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): authentication
> >failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
> >Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): received for
> >user tempuser: 4 (System error)
>                 ^^^^^^^^^^^^^^^^
>         This usually means critical error in sssd.
> Please provide log files (sssd_$domain.log and krb5_child.log)
> with high debug level.
> https://fedorahosted.org/sssd/wiki/Troubleshooting
>
> Which version of sssd do you have?
>
> LS
>
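
Added example, not part of the original thread: a POSIX shell check for the directory permissions discussed above. The standard mode for /tmp is 1777 (world-writable plus the sticky bit), so the check separates that from plain 0777 and from modes where users cannot create files. The function names are hypothetical, and it assumes the credential caches live in /tmp as in this thread.

```shell
#!/bin/sh
# Added example: classify a Kerberos ccache directory by its "other"
# permission bits. Function names are hypothetical.

# Prints one of: ok | no-sticky | restricted | missing
ccache_dir_state() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    # ls -ldL follows a symlinked /tmp; characters 8-10 of the mode
    # string are the "other" bits, e.g. "rwt" in "drwxrwxrwt".
    other=$(ls -ldL -- "$dir" | cut -c8-10)
    case $other in
        rwt) echo ok ;;          # e.g. 1777: world-writable, sticky bit set
        rwx) echo no-sticky ;;   # e.g. 0777: world-writable, no sticky bit
        *)   echo restricted ;;  # anything else, e.g. 0755
    esac
}

# Human-readable report for one directory.
report_ccache_dir() {
    case $(ccache_dir_state "$1") in
        ok)
            echo "$1: world-writable with sticky bit (standard for /tmp)" ;;
        no-sticky)
            echo "$1: world-writable without sticky bit; any local user can"
            echo "  delete or rename other users' files here (chmod 1777 $1)" ;;
        restricted)
            echo "$1: others lack full access; non-owner users may be unable"
            echo "  to create files (such as credential caches) here" ;;
        missing)
            echo "$1: not a directory" ;;
    esac
}

# Stand-alone use: sh check_ccache_dir.sh /tmp
if [ $# -gt 0 ]; then
    report_ccache_dir "$1"
fi
```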