Hi:
I am using free-ipa 2.2 to manage LDAP/DNS for about a dozen CentOS 6.3 servers on a small network. I am having a problem where a user cannot log into a host even though "ipa hbactest" says the he is authorized. This user can log into other hosts where "ipa hbactest" says he is authorized. Here is the problem in a nutshell: # Works for host1 $ ssh user1@host1 user1@host1's password: <top-secret> Last login ... [user1@host1 ~] echo "SUCCESS" SUCCESS # Fails for host2 $ ssh user1@host2 Password: <top-secret> Permission denied (publickey, gssapi-keyex, gssapi-with-mic, keyboard-interactive). # hbactest $ ipa hbactest --user=user1 --host=host1 --service==sshd -------------------- Access granted: True -------------------- <output snipped> # hbactest $ ipa hbactest --user=user1 --host=host2 --service==sshd -------------------- Access granted: True -------------------- <output snipped> It seems that free-ipa thinks that everything is copacetic so there must be something different on the hosts. I looked at /etc/ssh/sshd.conf, /etc/nsswitch.conf and /etc/sssd/sssd.conf on both hosts but didn't see anything that looked out of whack. I also tried "ssh -vvv" but wasn't sure how to interpret the results. I am using an NFS automount /home setup so both are using the same ~/.ssh. I am not sure how to debug this. Do you know why the password prompt is different? That may be a clue. Can you suggest some other things that I can try? Any help would be greatly appreciated. Thank you. Regards, Joe
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
