On 02/25/2015 04:37 PM, nat...@nathanpeters.com wrote:
It does not seem to recognize the user in the second attempt but the
first attempt seems to authenticate and then disconnect.
I do not see a trace from the accounting session but I suspect that your pam
stack does not authorize the authenticated user.
Try to allow all authenticated users first. This will prove that it is a
pam stack accounting phase configuration issue.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
How do I allow all authenticated users? In the freeIPA domain I have a
rule 'allow_all' that allows any user to connect to any system on any
service. This is working fine for Linux clients.
I assume you mean to do it on the Solaris machine? I don't have any users
specifically blocked, i.e., there is nothing in my sshd_config file that is
limiting the users and groups that can log in. E.g., I've got no
'AllowUsers' lines or anything like that. I've even got PermitRootLogin
set to yes and have tested that root can log in.
other account required pam_permit.so
and comment other pam modules in the section:
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1 debug
other account required pam_unix_account.so.1 debug
#other account sufficient pam_ldap.so.1
other account required pam_krb5.so.1 debug
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
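The account-phase check discussed in this thread, as an added example that is not part of the original messages: it resolves which account entries pam.conf applies to a service and reports whether the stack is permit-only. The sample configuration text is constructed from the excerpt quoted above, and the service name "sshd-kbdint" is an assumption.

```python
# Added example, not from the thread. Sample pam.conf text is constructed from
# the excerpt quoted above; the service name "sshd-kbdint" is an assumption.
BEFORE = """\
# Default definition for Account management
other account requisite pam_roles.so.1 debug
other account required pam_unix_account.so.1 debug
#other account sufficient pam_ldap.so.1
other account required pam_krb5.so.1 debug
"""

# The diagnostic edit suggested in the thread: permit-only, other modules commented out.
PERMIT_TEST = """\
other account required pam_permit.so
#other account requisite pam_roles.so.1 debug
#other account required pam_unix_account.so.1 debug
#other account required pam_krb5.so.1 debug
"""

def parse(text):
    """Yield (service, module_type, control_flag, module) for each active entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or commented-out entry
            continue
        fields = line.split()
        if len(fields) >= 4:                    # ignore malformed lines
            yield tuple(fields[:4])

def account_stack(text, service):
    """Return (source, [(control_flag, module), ...]) for the service's account phase.

    Entries naming the service win; "other" is used only when the service has
    no account entries of its own.
    """
    entries = [e for e in parse(text) if e[1] == "account"]
    own = [(c, m) for s, _, c, m in entries if s == service]
    if own:
        return service, own
    return "other", [(c, m) for s, _, c, m in entries if s == "other"]

def permit_only(text, service):
    """True when the account phase authorizes every authenticated user."""
    _, stack = account_stack(text, service)
    return bool(stack) and all(m.startswith("pam_permit.so") for _, m in stack)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("permit test", PERMIT_TEST)):
        print(name, account_stack(conf, "sshd-kbdint"), permit_only(conf, "sshd-kbdint"))
```

If the service has account entries of its own, the "other" edit does not reach it, and a permit-only result once the test is over means the diagnostic line is still in place.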