Hello list,
After much testing I've found that this issue is not related to the IPA client machine, but to the IPA server the IPA client is using. That's because I can log in to some of my IPA servers (via Web Panel), but not to others, and that coincides with the servers that the clients that can/can't log in are using. So it seems there is a synchronization problem between my 3 IPA servers that I can't pinpoint yet.
So far, any change that I apply to any user via the Web Panel or command line is replicated to the other servers, but I've failed to see what parameter could be set in the servers where I'm unable to log in.
I've tested with a user created with no locking policies at all, but this user can only log in successfully to some IPA servers too.
Time is synchronized correctly between my three servers; ntpstat shows that time is correct within 75 ms at most, so it doesn't seem to be the issue here.
Does this ring a bell for anyone? Any pointer on where to look further will be much appreciated.
Thanks in advance, regards...
Raul