Kristian Petersen via FreeIPA-users wrote: > I ran that and the sshd service shows access granted True even though > ssh-ing in doesn't work. Does the user have to have both login and sshd > to login via ssh? Other users that have the same permissions are able > to get in OK which is why this is so confusing.
No, they are different pam services. You'll need to bump up sssd debugging on the client side to see what is going on. rob > > On Tue, Mar 17, 2020 at 1:04 AM Angus Clarke <p...@angusclarke.com > <mailto:p...@angusclarke.com>> wrote: > > Hello > > I suggest running the hbactest function, somrthing like: > > ipa hbactest --user=user1 --host=fqdn.of.target.server --service=login > > Regards > Angus > > ------------------------------------------------------------------------ > *From:* Kristian Petersen via FreeIPA-users > <freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> > *Sent:* 16 March 2020 21:57 > *To:* FreeIPA users list <freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> > *Cc:* Kristian Petersen <nesre...@chem.byu.edu > <mailto:nesre...@chem.byu.edu>> > *Subject:* [Freeipa-users] Some users unable to log in to host > > Hey all, > > I have a user that is trying to log into a host that is configured > to have access restricted via an HBAC rule. This user is a > member of one of the groups defined in the HBAC rule that should be > granted access. When this user tries to SSH in to this host, they > get 3 consecutive password prompts like "Password:" and then one > like "username@domain's password:" and then they get a response of > "Permission denied, please try again." I am not seeing any entries > in the messages log or secure log for this user from these log in > attempts. Anyone have any thoughts about why this is happening? > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry > > > > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
