Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1662479
Description of problem: While installing ipa-client sshd service is failing to start. I also tried to install with "--no-ssh" option. Version-Release number of selected component (if applicable): ipa-client-3.0.0-51.el6.x86_64 How reproducible: # ipa-client-install -d --domain gsslab.pnq2.redhat.com --server vm250-105.gsslab.pnq2.redhat.com --realm GSSLAB.PNQ2.REDHAT.COM --ca-cert-file=/etc/ipa/ca.crt -p admin -w RedHat1! --no-ssh Actual results: ~~~ ... stdout=openssh-daemon (pid 5414) is running... stderr= args=/sbin/service sshd restart stdout=Stopping sshd: [ OK ] Starting sshd: [FAILED] stderr=/etc/ssh/sshd_config line 147: Directive 'UsePAM' is not allowed within a Match block sshd failed to restart: Command '/sbin/service sshd restart ' returned non-zero exit status 255 Client configuration complete. ~~~ Expected results: ~~~ stderr= args=/sbin/service sshd restart stdout=Stopping sshd: [ OK ] Starting sshd: [ OK ] stderr= args=/sbin/service sshd status stdout=openssh-daemon (pid 25393) is running... stderr= Client configuration complete. ~~~ Additional info: Bug 1282845
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1662479
Match section block extends until end of file. I guess we need at least to document that we add certain instructions to sshd_config and they might be invalid if 'Match' block is present at the end of sshd_config.
Metadata Update from @abbra: - Issue set to the milestone: FreeIPA 3.x Documentation (was: 0.0 NEEDS_TRIAGE)
Login to comment on this ticket.