On Tue, Oct 28, 2025 at 10:34:46AM -0400, Rob Crittenden via FreeIPA-users wrote:
> Frank Bergmann via FreeIPA-users wrote:
> > Hi,
> >
> > I had an issue that an account was not allowed to login to a host.
> > A call of hbactest with given user/host/service did show "granted
> > false".
> > With specifying the rule with "--rules=backup-backup" it did show
> > "granted true".
> > Checking the output of the first hbactest run it did show "Configured
> > size limit exceeded".
> > Then I set searchrecordslimit to -1 and the issue was gone, the account
> > could login to the host.
> >
> > Am I missing something or is this a bug?
> >
> > details: ipa-server-4.9.13-20 RPM and 102 hbacrules
>
> The default search size limit is 100 and you have 102 rules. You can
> either increase the limit, which will affect all searches, or try
> passing the limit with the hbactest command.
>
> I don't recommend setting it to -1.

Hi Rob,

thank you. But hbactest was not the actual issue (I know option --sizelimit).
hbactest did just "show" me that we have more than 100 rules.
The issue was that the login didn't work. And after removing the limit
the login did work.

Frank
