Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/1148 When used in conjunction with FreeIPA, SSSD is processing local user accounts during ssh login and rejecting them. Users are below the ignore min uid range. I can verify that getent passwd -s sssd jr does not exist, which should cause SSSD Pam to ignore him when Pam-unix passes the auth phase. Instead, he gets processed as if he were a FreeIPA user: {{{ (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [sysdb_search_user_by_name] (0x0400): No such entry (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [hbac_eval_user_element] (0x0020): Could not determine user memberships for [jr] (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [hbac_ctx_to_rules] (0x0020): Could not construct eval request (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Sending result [4][expertcity.com] (Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Sent result [4][expertcity.com] (Mon Jan 23 07:54:58 2012) [sssd[be[expertcity.com]]] [sdap_id_conn_data_expire_handler }}}