as a Linux admin i want to login into my ipa client with a user that is defined in ipa-server UI.
I installed Ipa-server and an Ipa-client on CentOS7.6 I defined Internal DNS on ipa-server and i defined A and PTR records for client on ipa-server. now i can see my client in ipa-UI and i defined a user with name "elham" and i expect that it can login into ipa-client. when i login with root in ipa-client and i do sudo elham, it works and kinit elham works too but when i do ssh into ipa-client with this user, it show "Access denied" i have errors with this context: pam_reply : authentication failure to the client pam_sss: authentication falure
im tired of this issue. please help me if you know the solution.
(what happens)
login into ipa-client successfully
ipa-server 4.6.5-11.el7 ipa-client 4.6.4-10.el7.centos.3
Log file locations:
<img alt="krb5.conf" src="/freeipa/issue/raw/files/663905f3663bd96356a1111317cc850be7fc3f22a5afe03b472603117d84ccb0-krb5.conf" />
<img alt="krb5_child.log" src="/freeipa/issue/raw/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-krb5_child.log" /> <img alt="ldap_child.log" src="/freeipa/issue/raw/files/69de4e45c1da74827c8b837129baa5bc2e03e4e57cc248168b7d3cbed7d85395-ldap_child.log" /> <img alt="sssd.conf" src="/freeipa/issue/raw/files/c9a3d0e73de8fd63b227baff394304c1a35250eb4e32804abb525241f0153176-sssd.conf" /> <img alt="krb5_child.log" src="/freeipa/issue/raw/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-krb5_child.log" /><img alt="ldap_child.log" src="/freeipa/issue/raw/files/69de4e45c1da74827c8b837129baa5bc2e03e4e57cc248168b7d3cbed7d85395-ldap_child.log" /><img alt="sssd.conf" src="/freeipa/issue/raw/files/c9a3d0e73de8fd63b227baff394304c1a35250eb4e32804abb525241f0153176-sssd.conf" /><img alt="sssd.log" src="/freeipa/issue/raw/files/84b3eca9106ad001c72aa8fccc849805b63b6e031a06f6fdf3b21ae9bb8f5644-sssd.log" /><img alt="sssd_lshs.dc.log" src="/freeipa/issue/raw/files/01178b8874de83a1cfea5feb798e603c182a5e06a4901d851d50bb26a63cb775-sssd_lshs.dc.log" /><img alt="sssd_nss.log" src="/freeipa/issue/raw/files/17791286941bda27177a908e21c12e76e0b2de268c6c21e1f30b775219b19e77-sssd_nss.log" /><img alt="sssd_pac.log" src="/freeipa/issue/raw/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-sssd_pac.log" /><img alt="sssd_pam.log" src="/freeipa/issue/raw/files/c893d834d6ffe4080a2b8a3d0d14d65e7a69807cbe92b705eaa83465ff2c0a0e-sssd_pam.log" /> <img alt="sssd.log" src="/freeipa/issue/raw/files/84b3eca9106ad001c72aa8fccc849805b63b6e031a06f6fdf3b21ae9bb8f5644-sssd.log" /> <img alt="sssd_nss.log" src="/freeipa/issue/raw/files/17791286941bda27177a908e21c12e76e0b2de268c6c21e1f30b775219b19e77-sssd_nss.log" /> <img alt="sssd_pac.log" src="/freeipa/issue/raw/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-sssd_pac.log" /> <img alt="sssd_pac.log" src="/freeipa/issue/raw/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-sssd_pac.log" />
Closing, as this is tracked in the community mailing-list:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/RJFBP7ECHACNIXWWFHDAW3M5PQPMPZYU/
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/AJ6KIWGQFCGZU7C6L72WX5IDTZCHCHJN/
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/5ETYVBPPOTQWVSN2QVYD4XZPDTY6IEKR/
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/message/CWH3ILKCF2IMAGOQEXUW3RBUWH6KRAH3/
Please keep the communication in the mailing-list and keep freeipa-users in CC: or To: as mentioned by Rob multiple times.
Metadata Update from @fcami: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.