On (14/02/17 13:00), Nuno Higgs wrote: >Hello All, > > > >I have a LXC container running Centos7, fully patched that i can't login >into in a standard IPA usage configuration: > > >Feb 13 19:42:07 lxc1 sshd[1536]: pam_sss(sshd:account): Access denied for >user nuno 4 (System error) > System error means unexpected state for sssd.
I would recommend to follow sssd troubleshooting wiki https://fedorahosted.org/sssd/wiki/Troubleshooting#TroubleshootingAuthenticationPasswordChangeandAccessControl >Feb 13 19:42:07 lxc1 sshd[1536]: Failed password for nuno from 172.16.0.10 >port 54461 ssh2 > >Feb 13 19:42:07 lxc1 sshd[1536]: fatal: Access denied for user nuno by PAM >account configuration [preauth] > >Feb 13 19:43:42 lxc1 sshd[1553]: Connection closed by 172.16.3.253 [preauth] > >Feb 13 19:53:04 lxc1 sshd[1635]: pam_sss(sshd:auth): authentication success; >logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.3.253 user=nuno > >Feb 13 19:53:04 lxc1 sshd[1632]: error: PAM: User account has expired for >nuno from 172.16.3.253 > This error is little bit later but I think it is clear enough. The account is expired. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project