I just realized that I never closed the loop on this problem and just finished upgrading all my systems to use our new IPA servers. And this problem is still with me.
I can log onto some workstations but not all. My only enabled hbac rule is still "allow_all", and it's as permissive as it gets.
Is there anything else I can check? I'm trying to get this working before my users arrive on Monday and carry off my head on a pikestaff...
Bret
On 02/22/2018 09:30 AM, Bret Wortman wrote:
Back to this thread; I stood up a new VM and used ipa-client-install to subscribe it to the new server. I can log on to it from both ssh and console, so the problem on my original workstation appears to be in switching from one server to another.
Thoughts?
On 02/21/2018 10:29 AM, Bret Wortman wrote:
My only hbac rule is "allow_all", and it's enabled. I hadn't gotten around to setting up any additional ones yet.
On 02/21/2018 10:14 AM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
Any ideas why I might be prevented from logging in on a system through GDM and the console, but if I log in as root and:
# ssh bretw@localhost
I'm able to log in without issues? And it'll tell me about failed logins for every time I try through GDM or the console.
This is on a brand new IPA server I'm setting up using data from our older ones but it's not set up as a replica.
Check HBAC rules. Logging into console is a different pam service than ssh.
rob
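An added example, not part of the original thread: a small triage script that groups pam_sss log entries by PAM service, which shows whether ssh, console and GDM logins diverge in the auth phase or in the account phase (where SSSD evaluates access control such as HBAC). The log lines are constructed samples in the style pam_sss writes to /var/log/secure; the host name, PIDs, timestamps and the function name `triage` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Feb 21 10:01:12 ws01 sshd[2211]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1 user=bretw
Feb 21 10:02:40 ws01 login[2290]: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= user=bretw
Feb 21 10:02:40 ws01 login[2290]: pam_sss(login:account): Access denied for user bretw: 6 (Permission denied)
Feb 21 10:03:05 ws01 gdm-password[2301]: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=bretw
"""

# pam_sss(<service>:<phase>): <message>
LINE_RE = re.compile(r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)")
# Matches "user=name" and "for user name:", but not "ruser=".
USER_RE = re.compile(r"(?<![a-z])user[= ]([^\s:]+)")


def triage(log_text, user):
    """Return {pam_service: verdict} for one user.

    account-denied: authenticated, then refused in the account phase
                    (check access control: HBAC rules, access_provider).
    auth-failed:    refused in the auth phase (credentials, Kerberos,
                    SSSD cache), so HBAC was never consulted.
    ok:             authentication succeeded and no denial was logged.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        u = USER_RE.search(m["msg"])
        if not u or u.group(1) != user:
            continue
        if m["phase"] == "account" and m["msg"].startswith("Access denied"):
            seen[m["service"]].add("account-denied")
        elif m["phase"] == "auth" and m["msg"].startswith("authentication failure"):
            seen[m["service"]].add("auth-failed")
        elif m["phase"] == "auth" and m["msg"].startswith("authentication success"):
            seen[m["service"]].add("ok")
    # A denial outranks a success logged for the same service.
    order = ("account-denied", "auth-failed", "ok")
    return {svc: next(v for v in order if v in tags) for svc, tags in seen.items()}


if __name__ == "__main__":
    for service, verdict in sorted(triage(SAMPLE_LOG, "bretw").items()):
        print(f"{service:14} {verdict}")
```

Services that come back `account-denied` are the ones to test against the HBAC rules on the server; `auth-failed` points away from HBAC.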