Description of problem: client not able to ssh to localhost with ipa user Version-Release number of selected component (if applicable): [root@dell-pe1950-01 ~]# rpm -q ipa-server ipa-server-3.3.3-28.el7.x86_64 [root@nec-em16 ~]# rpm -q ipa-client sssd ipa-client-2.1.3-7.el5 sssd-1.5.1-71.el5 How reproducible: Always Steps to Reproduce: 1.create ipa user on server 2.client ssh to localhost with ipa user Actual results: login failed with permission denied Expected results: login succesful Additional info: sssd is running client seems to be correctly configured nothing abnormal in /var/log/messages ,/var/log/secure and sssd logs. [root@nec-em16 ~]# id testuser004 id: testuser004: No such user [root@nec-em16 ~]# kinit testuser004 Password for testuser004: [root@nec-em16 ~]# ldapsearch -h dell-pe1950-01.testrelm.test -b dc=testrelm,dc=test uid=testuser004 -x # extended LDIF # # LDAPv3 # base <dc=testrelm,dc=test> with scope subtree # filter: uid=testuser004 # requesting: ALL # # testuser004, users, compat, testrelm.test dn: uid=testuser004,cn=users,cn=compat,dc=testrelm,dc=test objectClass: posixAccount objectClass: top gecos: testuser 004 cn: testuser 004 uidNumber: 1801800001 gidNumber: 1801800001 loginShell: /bin/sh homeDirectory: /home/testuser004 uid: testuser004 # testuser004, users, accounts, testrelm.test dn: uid=testuser004,cn=users,cn=accounts,dc=testrelm,dc=test krbLastSuccessfulAuth: 20140710172245Z krbPasswordExpiration: 20141008143509Z krbExtraData:: AAKdpL5Ta2FkbWluZEBURVNUUkVMTS5URVNUAA== krbLoginFailedCount: 0 krbTicketFlags: 128 krbLastPwdChange: 20140710143509Z mepManagedEntry: cn=testuser004,cn=groups,cn=accounts,dc=testrelm,dc=test displayName: testuser 004 cn: testuser 004 objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson objectClass: inetuser objectClass: posixaccount objectClass: krbprincipalaux objectClass: krbticketpolicyaux objectClass: ipaobject objectClass: ipasshuser objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry loginShell: /bin/sh gecos: testuser 004 sn: 004 homeDirectory: /home/testuser004 uid: testuser004 mail: testuser004 krbPrincipalName: testuser004 givenName: testuser initials: t0 ipaUniqueID: 608021bc-083f-11e4-add5-001372f97726 uidNumber: 1801800001 gidNumber: 1801800001 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2
issue can't be reproduced on a different machine , close as not a bug