I ran that and the sshd service shows access granted True even though
ssh-ing in doesn't work. Does the user have to have both login and sshd to
login via ssh? Other users that have the same permissions are able to get
in OK which is why this is so confusing.
On Tue, Mar 17, 2020 at 1:04 AM Angus Clarke <post(a)angusclarke.com> wrote:
Hello
I suggest running the hbactest function, somrthing like:
ipa hbactest --user=user1 --host=fqdn.of.target.server --service=login
Regards
Angus
------------------------------
*From:* Kristian Petersen via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>
*Sent:* 16 March 2020 21:57
*To:* FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
*Cc:* Kristian Petersen <nesretep(a)chem.byu.edu>
*Subject:* [Freeipa-users] Some users unable to log in to host
Hey all,
I have a user that is trying to log into a host that is configured to have
access restricted via an HBAC rule. This user is a member of one of the
groups defined in the HBAC rule that should be granted access. When this
user tries to SSH in to this host, they get 3 consecutive password prompts
like "Password:" and then one like "username@domain's password:"
and then
they get a response of "Permission denied, please try again." I am not
seeing any entries in the messages log or secure log for this user from
these log in attempts. Anyone have any thoughts about why this is
happening?
--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry
--
Kristian Petersen
System Administrator
BYU Dept. of Chemistry and Biochemistry