hi guys
I think it was asked on the list before but I still cannot find the thread.
Should AD's users be able to login to IPA's clients(non-replica) in a pretty vanilla setup? Those users can login to IPA masters okey.
I have not created any HBACs yet, nor added new hostgroups etc.
When I ssh to IPA's client that client denies that user & shows:
pam_sss(sshd:auth): received for user user1@private: 6 (Permission denied)
...
many thanks, L.
freeipa-users@lists.fedorahosted.org