On 17.01.19 10:09, Alexander Bokovoy wrote:
On to, 17 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
> I set up ipsilon on a separate machine as documented in
>
https://ipsilon-project.org/doc/quickstart-ipa.html
>
> When I try to log in with the admin user I get the "Unauthorized"
> error. The logs say:
>
> ==> ssl_error_log <==
> [Thu Jan 17 09:51:45.555163 2019] [authnz_pam:warn] [pid 5977]
> [client 10.65.150.250:33802] PAM account validation failed for user
> admin: Permission denied, referer:
>
https://ipa-ipsilon.linux.mydomain.at/idp/login/gssapi/negotiate?ipsilon_...
Well, as it says, PAM validation failed. You need to look into sssd logs
to see what was wrong. Most likely you have no HBAC rule that allows to
login to ipsilon for your users. Did you create one? You need to create
HBAC service 'ipsilon' and then an HBAC rule to govern access to this
service on the machine where ipsilon is deployed.
Thanks a lot for pointing me in the right direction. I am already logged
in. As we are still not using IPA productively I did not come to my mind...
Cheers,
Ronald