Hi,
I have a situation where an IPA/sssd client is not allowing an AD trusted user to login,
even though HBAC rules allow the user:
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [hbac_attrs_to_rule] (0x1000):
Processing rule [allow_eitunixadmins] (Thu Aug 20 15:15:50 2015)
[sssd[be[unix.domain.com]]] [hbac_user_attrs_to_rule] (0x1000): Processing users for rule
[allow_eitunixadmins] (Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]]
[sysdb_search_users] (0x2000): Search users with filter:
(&(objectclass=user)(originalDN=cn=eitunixadmins,cn=groups,cn=accounts,dc=unix,dc=follett,dc=com))
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [ipa_hbac_evaluate_rules] (0x0080):
Access denied by HBAC rules
jbaird@impr-d1-dc01:~$ ipa hbactest
User name: jbaird(a)na.follett.lan
Target host:
imqa-d1-cl05.corp.domain.com
Service: ssh
--------------------
Access granted: True
--------------------
Matched rules: allow_eitunixadmins
How would I go about troubleshooting this? Both client and server are running the newest
RHEL 7.1.z packages.
Thanks,
Josh