Bug 1118458 - client not able to ssh to localhost with ipa user
Summary: client not able to ssh to localhost with ipa user
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipa-client
Version: 5.11
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-10 18:35 UTC by Xiyang Dong
Modified: 2014-07-11 17:16 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-07-11 17:16:47 UTC

Attachments (Terms of Use)

Description Xiyang Dong 2014-07-10 18:35:35 UTC
Description of problem:

client not able to ssh to localhost with ipa user

Version-Release number of selected component (if applicable):
[root@dell-pe1950-01 ~]# rpm -q ipa-server

[root@nec-em16 ~]# rpm -q ipa-client sssd

How reproducible:

Steps to Reproduce:
1.create ipa user on server
2.client ssh to localhost with ipa user

Actual results:

login failed with permission denied

Expected results:

login succesful

Additional info:
sssd is running
client seems to be correctly configured
nothing abnormal in /var/log/messages ,/var/log/secure and sssd logs.

[root@nec-em16 ~]# id testuser004
id: testuser004: No such user

[root@nec-em16 ~]# kinit testuser004
Password for testuser004@TESTRELM.TEST: 

[root@nec-em16 ~]# ldapsearch -h dell-pe1950-01.testrelm.test -b dc=testrelm,dc=test uid=testuser004 -x 
# extended LDIF
# LDAPv3
# base <dc=testrelm,dc=test> with scope subtree
# filter: uid=testuser004
# requesting: ALL

# testuser004, users, compat, testrelm.test
dn: uid=testuser004,cn=users,cn=compat,dc=testrelm,dc=test
objectClass: posixAccount
objectClass: top
gecos: testuser 004
cn: testuser 004
uidNumber: 1801800001
gidNumber: 1801800001
loginShell: /bin/sh
homeDirectory: /home/testuser004
uid: testuser004

# testuser004, users, accounts, testrelm.test
dn: uid=testuser004,cn=users,cn=accounts,dc=testrelm,dc=test
krbLastSuccessfulAuth: 20140710172245Z
krbPasswordExpiration: 20141008143509Z
krbLoginFailedCount: 0
krbTicketFlags: 128
krbLastPwdChange: 20140710143509Z
mepManagedEntry: cn=testuser004,cn=groups,cn=accounts,dc=testrelm,dc=test
displayName: testuser 004
cn: testuser 004
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
gecos: testuser 004
sn: 004
homeDirectory: /home/testuser004
uid: testuser004
mail: testuser004@testrelm.test
krbPrincipalName: testuser004@TESTRELM.TEST
givenName: testuser
initials: t0
ipaUniqueID: 608021bc-083f-11e4-add5-001372f97726
uidNumber: 1801800001
gidNumber: 1801800001

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Comment 1 Xiyang Dong 2014-07-11 17:16:47 UTC
issue can't be reproduced on a different machine , close as not a bug

Note You need to log in before you can comment on or make changes to this bug.