I just realized that I never closed the loop on this problem and just
finished upgrading all my systems to use our new IPA servers. And this
problem is still with me.
I can log on to some workstations but not all. My only enabled HBAC rule
is still "allow_all", and it's as permissive as it gets.
Is there anything else I can check? I'm trying to get this working
before my users arrive on Monday and carry off my head on a pikestaff...
Bret
On 02/22/2018 09:30 AM, Bret Wortman wrote:
Back to this thread; I stood up a new VM and used ipa-client-install
to subscribe it to the new server. I can log on to it from both ssh
and console, so the problem on my original workstation appears to be
in switching from one server to another.
Thoughts?
On 02/21/2018 10:29 AM, Bret Wortman wrote:
> My only HBAC rule is "allow_all", and it's enabled. I hadn't gotten
> around to setting up any additional ones yet.
>
>
> On 02/21/2018 10:14 AM, Rob Crittenden wrote:
>> Bret Wortman via FreeIPA-users wrote:
>>> Any ideas why I might be prevented from logging in on a system through
>>> GDM and the console, but if I log in as root and:
>>>
>>> # ssh bretw@localhost
>>>
>>> I'm able to log in without issues? And it'll tell me about failed
>>> logins for every time I try through GDM or the console.
>>>
>>> This is on a brand new IPA server I'm setting up using data from our
>>> older ones but it's not set up as a replica.
>> Check HBAC rules. Logging into console is a different PAM service
>> than ssh.
>>
>> rob
>