Am Wed, Apr 27, 2022 at 02:50:42PM -0000 schrieb Ben Aveling via FreeIPA-users:
We're having users unable to login on some hosts.
The error message in /var/log/secure is:
sshd[29399]: error: PAM: User account has expired for <<username>> from
<<ip address>>
The same users can login fine to other hosts, suggesting it's a config or other issue
with these specific hosts.
Hi,
I would guess that some of the cached user data is not updated because
the domain the user is coming from is offline from some reasons. You can
check with 'sssctl domain-status domain.name' the status of the domain
('sssctl domain-list' will show a list of all domains). If the domain is
offline maybe restarting SSSD might already help. If not please enable
debugging by adding 'debug_level = 9' to the [domain/...] section of
sssd.conf, restart SSSD, try to login again and then check the SSSD
debug logs or send them here.
bye,
Sumit
Has anyone seen anything similar?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure