Bug 1118458

Summary: client not able to ssh to localhost with ipa user
Product: Red Hat Enterprise Linux 5
Component: ipa-client
Version: 5.11
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Reporter: Xiyang Dong <xdong>
Assignee: Rob Crittenden <rcritten>
QA Contact: Namita Soman <nsoman>
Target Milestone: rc
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-07-11 17:16:47 UTC

Description Xiyang Dong 2014-07-10 18:35:35 UTC
Description of problem:

client not able to ssh to localhost with ipa user

Version-Release number of selected component (if applicable):
[root@dell-pe1950-01 ~]# rpm -q ipa-server
ipa-server-3.3.3-28.el7.x86_64

[root@nec-em16 ~]# rpm -q ipa-client sssd
ipa-client-2.1.3-7.el5
sssd-1.5.1-71.el5

How reproducible:
Always

Steps to Reproduce:
1. Create ipa user on server
2. Client ssh to localhost with ipa user

Actual results:

login failed with permission denied

Expected results:

login successful

Additional info:
sssd is running
client seems to be correctly configured
nothing abnormal in /var/log/messages, /var/log/secure and sssd logs.


[root@nec-em16 ~]# id testuser004
id: testuser004: No such user

[root@nec-em16 ~]# kinit testuser004
Password for testuser004: 

[root@nec-em16 ~]# ldapsearch -h dell-pe1950-01.testrelm.test -b dc=testrelm,dc=test uid=testuser004 -x 
# extended LDIF
#
# LDAPv3
# base <dc=testrelm,dc=test> with scope subtree
# filter: uid=testuser004
# requesting: ALL
#

# testuser004, users, compat, testrelm.test
dn: uid=testuser004,cn=users,cn=compat,dc=testrelm,dc=test
objectClass: posixAccount
objectClass: top
gecos: testuser 004
cn: testuser 004
uidNumber: 1801800001
gidNumber: 1801800001
loginShell: /bin/sh
homeDirectory: /home/testuser004
uid: testuser004

# testuser004, users, accounts, testrelm.test
dn: uid=testuser004,cn=users,cn=accounts,dc=testrelm,dc=test
krbLastSuccessfulAuth: 20140710172245Z
krbPasswordExpiration: 20141008143509Z
krbExtraData:: AAKdpL5Ta2FkbWluZEBURVNUUkVMTS5URVNUAA==
krbLoginFailedCount: 0
krbTicketFlags: 128
krbLastPwdChange: 20140710143509Z
mepManagedEntry: cn=testuser004,cn=groups,cn=accounts,dc=testrelm,dc=test
displayName: testuser 004
cn: testuser 004
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
gecos: testuser 004
sn: 004
homeDirectory: /home/testuser004
uid: testuser004
mail: testuser004
krbPrincipalName: testuser004
givenName: testuser
initials: t0
ipaUniqueID: 608021bc-083f-11e4-add5-001372f97726
uidNumber: 1801800001
gidNumber: 1801800001

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Comment 1 Xiyang Dong 2014-07-11 17:16:47 UTC
issue can't be reproduced on a different machine, close as not a bug