
List:       sssd-users
Subject:    [SSSD-users]Access denied by HBAC Rules
From:       "Baird, Josh" <jbaird () follett ! com>
Date:       2015-08-21 12:22:43
Message-ID: D6C04EC67151214DAD5E55E7EBF5207E42BCD5E2 () WRXXENTEXMB01 ! na ! follett ! lan

Hi,

I have a situation where an IPA/sssd client is not allowing an AD trusted user to log in, even though HBAC rules allow the user:

(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [hbac_attrs_to_rule] (0x1000): Processing rule [allow_eitunixadmins]
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [hbac_user_attrs_to_rule] (0x1000): Processing users for rule [allow_eitunixadmins]
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(originalDN=cn=eitunixadmins,cn=groups,cn=accounts,dc=unix,dc=follett,dc=com))
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules

jbaird@impr-d1-dc01:~$ ipa hbactest
User name: jbaird@na.follett.lan
Target host: imqa-d1-cl05.corp.domain.com
Service: ssh
--------------------
Access granted: True
--------------------
  Matched rules: allow_eitunixadmins

How would I go about troubleshooting this?  Both client and server are running the newest RHEL 7.1.z packages.

Thanks,

Josh

