On 02/09/2015 03:31 PM, Dmitri Pal wrote:
> On 02/09/2015 08:34 AM, alireza baghery wrote:
>> Yes, I tried "ssh admin@hostname" but it does not work.
>> ====log secure-====
>>
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20  user=admin
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication
>> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
>> Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for
>> user admin: 6 (Permission denied)
>> Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from
>> 10.30.160.20 port 52123 ssh2
>> Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by
>> PAM account configuration
>>
> 
> Do you have HBAC rules? Does admin have the rights to log in via SSH?
> If you changed the default rules, it might be that admin is not allowed to log
> in via SSH.

Good questions. Also note that if, for some special reason, you do not want to
make admins log in to your FreeIPA servers, you can always pass
--skip-conncheck to the replica and go straight to the installation, skipping
the firewall check.

Of course, no guarantees that the installation won't get stuck or crash because
of closed ports in that case.

Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
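
In the secure log quoted in the thread, pam_sss accepts the password and the login is then refused in the PAM account phase, the phase where access rules such as the HBAC rules asked about in the reply are evaluated. The following Python is an added example, not part of the original messages: it groups sshd PAM lines per session and reports whether a refusal was a credential failure or an authorization denial. The function name `triage` and the verdict labels are hypothetical; the sample is the thread's own log with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Sample input: the log lines quoted in the thread, with e-mail wrapping undone.
SAMPLE = """\
Feb  9 15:42:20 ipasrv sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20  user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.30.160.20 user=admin
Feb  9 15:42:20 ipasrv sshd[13414]: pam_sss(sshd:account): Access denied for user admin: 6 (Permission denied)
Feb  9 15:42:20 ipasrv sshd[13414]: Failed password for admin from 10.30.160.20 port 52123 ssh2
Feb  9 15:42:20 ipasrv sshd[13415]: fatal: Access denied for user admin by PAM account configuration
"""

# sshd[PID]: pam_module(sshd:phase): message
PAM = re.compile(r"sshd\[(\d+)\]: (pam_\w+)\(sshd:(auth|account)\): (.*)")
# Matches "user=admin" and "user admin", but not "ruser=" (no word boundary).
USER = re.compile(r"\buser[= ]([\w.-]+)")

def triage(log_text):
    """Return {(pid, user): verdict} for every sshd session with PAM lines."""
    sessions = defaultdict(lambda: {"auth_ok": False, "acct_denied": False})
    for line in log_text.splitlines():
        m = PAM.search(line)
        if not m:
            continue
        pid, _module, phase, msg = m.groups()
        u = USER.search(msg)
        if not u:
            continue
        state = sessions[(int(pid), u.group(1))]
        # One auth module failing does not matter if another one succeeds
        # for the same session (pam_unix fails, pam_sss succeeds in the sample).
        if phase == "auth" and msg.startswith("authentication success"):
            state["auth_ok"] = True
        elif phase == "account" and msg.startswith("Access denied"):
            state["acct_denied"] = True
    verdicts = {}
    for key, state in sessions.items():
        if state["acct_denied"]:
            verdicts[key] = "authorization"  # refused by account/access rules
        elif state["auth_ok"]:
            verdicts[key] = "accepted"
        else:
            verdicts[key] = "credentials"    # no auth module accepted the login
    return verdicts

if __name__ == "__main__":
    for (pid, user), verdict in triage(SAMPLE).items():
        print(f"sshd[{pid}] user={user}: {verdict}")
```

A verdict of `authorization` for a session means the password was not the problem, so the next place to look is the access rules rather than the account's credentials. Note that sshd's own "Failed password" line appears in both cases and does not distinguish them.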
