Am Wed, Apr 27, 2022 at 02:50:42PM -0000 schrieb Ben Aveling via FreeIPA-users:

We're having users unable to login on some hosts.

The error message in /var/log/secure is:

sshd[29399]: error: PAM: User account has expired for <<username>> from <<ip address>>

The same users can login fine to other hosts, suggesting it's a config or other issue with these specific hosts.

Hi,

I would guess that some of the cached user data is not updated because the domain the user is coming from is offline from some reasons. You can check with 'sssctl domain-status domain.name' the status of the domain ('sssctl domain-list' will show a list of all domains). If the domain is offline maybe restarting SSSD might already help. If not please enable debugging by adding 'debug_level = 9' to the [domain/...] section of sssd.conf, restart SSSD, try to login again and then check the SSSD debug logs or send them here.

bye, Sumit

Has anyone seen anything similar? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure