I set up freeipa on our environment and it works perfectly for most of the hosts, but on a few I am getting a permission denied.

[root@ipa-client-1c :~] ssh tempuser@localhost
tempuser@localhost's password:
Permission denied, please try again.
tempuser@localhost's password:

I checked the hbac, but that seems to be fine.

root@ipa-master-test-1b ] ipa hbactest --user=tempuser --host=x.x.x.x --service=sshd
--------------------
Access granted: True
--------------------
Matched rules: allow_all

Another thing I noticed is that nsswitch.conf had the below entries after the freeipa installation:

passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sudoers: files sss

The ldap shouldn't be there above, I guess. And from the logs, I have the below errors:

==> /var/log/secure <==
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=tempuser
Feb 18 03:29:33 ip-x-x-x-x sshd[24851]: pam_sss(sshd:auth): received for user tempuser: 4 (System error)
Feb 18 03:29:35 ip-x-x-x-x sshd[24851]: Failed password for tempuser from x.x.x.x port 36687 ssh2
Feb 18 03:29:39 ip-x-x-x-x sshd[24853]: Connection closed by x.x.x.x
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=tempuser
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=tempuser
Feb 18 03:34:17 ip-x-x-x-x sshd[25108]: pam_sss(sshd:auth): received for user tempuser: 4 (System error)
Feb 18 03:34:19 ip-x-x-x-x sshd[25108]: Failed password for tempuser from 127.0.0.1 port 59870 ssh2

==> /var/log/messages <==
Feb 18 03:37:45 ip-x-x-x-x sssd[be[xyz.com]]: Shutting down
Feb 18 03:37:45 ip-x-x-x-x sssd: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[nss]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[sudo]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[pam]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[pac]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[ssh]: Starting up
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: dereference processing failed : Input/output error
Feb 18 03:37:46 ip-x-x-x-x sssd[be[xyz.com]]: dereference processing failed : Input/output error
Feb 18 03:38:41 ip-x-x-x-x [sssd[krb5_child[25324]]]: Permission denied
Feb 18 03:38:41 ip-x-x-x-x [sssd[krb5_child[25324]]]: Permission denied