List: sssd-users
Subject: [SSSD-users]Access denied by HBAC Rules
From: "Baird, Josh" <jbaird () follett ! com>
Date: 2015-08-21 12:22:43
Message-ID: D6C04EC67151214DAD5E55E7EBF5207E42BCD5E2 () WRXXENTEXMB01 ! na ! follett ! lan
Hi,
I have a situation where an IPA/sssd client is not allowing an AD trusted user to log in, even though HBAC rules allow the user:
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [hbac_attrs_to_rule] (0x1000): Processing rule [allow_eitunixadmins]
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [hbac_user_attrs_to_rule] (0x1000): Processing users for rule [allow_eitunixadmins]
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(originalDN=cn=eitunixadmins,cn=groups,cn=accounts,dc=unix,dc=follett,dc=com))
(Thu Aug 20 15:15:50 2015) [sssd[be[unix.domain.com]]] [ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules
jbaird@impr-d1-dc01:~$ ipa hbactest
User name: jbaird@na.follett.lan
Target host: imqa-d1-cl05.corp.domain.com
Service: ssh
--------------------
Access granted: True
--------------------
Matched rules: allow_eitunixadmins
How would I go about troubleshooting this? Both client and server are running the newest RHEL 7.1.z packages.
Thanks,
Josh