On Wed, May 31, 2017 at 08:56:44PM -0000, paul--- via FreeIPA-users wrote:
> Hi Jakub,
> Thanks for clearing this out and pointing out ypbind is the wrong direction.
> What do you mean with 'the workaround'? Do mean use of 'authconfig 
> --enablenis --update'?
> The combination of Centos 7.3 with ipa-client 4.4 and that workaround results 
> in a hanging boot with the following errors and no login:
> Failed to start RealtimeKit for Policy Services 
> Failed to start Authorization Manager 
> Dependency failed for Dynamic System tuning deamon
> Failed to start Login Service
> Failed to start GNOME display Manager
> Starting terminate Plymouth boot screen
> 
> SSH works (but very slow login after 20 minutes) with the following content 
> of /var/log/secure:
> May 31 22:25:26 ad02 userhelper[15096]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:25:26 ad02 userhelper[15096]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:30:54 ad02 userhelper[688]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:31:54 ad02 userhelper[688]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:34:03 ad02 userhelper[695]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:35:04 ad02 userhelper[695]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:35:54 ad02 userhelper[707]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:36:54 ad02 userhelper[707]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:37:04 ad02 userhelper[708]: pam_succeed_if(diskmapper:auth): 
> requirement "user = ovirtagent" was met by user "ovirtagent"
> May 31 22:38:04 ad02 userhelper[708]: running 
> '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on 
> behalf of 'ovirtagent'
> May 31 22:42:03 ad02 userhelper[722]: pam_succeed_if(ovirt-locksession:auth): 
> requirement "user = ovirtagent" was met by user "ovirtagent"
> May 31 22:42:54 ad02 userhelper[730]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:43:03 ad02 userhelper[722]: running 
> '/usr/share/ovirt-guest-agent/LockActiveSession.py' with root privileges on 
> behalf of 'ovirtagent'
> May 31 22:43:51 ad02 userhelper[730]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:44:51 ad02 userhelper[841]: pam_succeed_if(diskmapper:auth): 
> requirement "user = ovirtagent" was met by user "ovirtagent"
> May 31 22:44:51 ad02 userhelper[841]: running 
> '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on 
> behalf of 'ovirtagent'
> May 31 22:45:51 ad02 userhelper[905]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:45:51 ad02 userhelper[905]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:47:51 ad02 userhelper[1138]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:47:51 ad02 userhelper[1138]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:48:22 ad02 sshd[1148]: Server listening on 0.0.0.0 port 22.
> May 31 22:48:22 ad02 sshd[1148]: Server listening on :: port 22.
> May 31 22:49:52 ad02 userhelper[2369]: 
> pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" 
> was met by user "ovirtagent"
> May 31 22:49:52 ad02 userhelper[2369]: running 
> '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf 
> of 'ovirtagent'
> May 31 22:49:52 ad02 userhelper[2370]: pam_succeed_if(diskmapper:auth): 
> requirement "user = ovirtagent" was met by user "ovirtagent"
> May 31 22:49:52 ad02 userhelper[2370]: running 
> '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on 
> behalf of 'ovirtagent'
> May 31 22:50:42 ad02 sshd[2392]: Accepted keyboard-interactive/pam for root 
> from 10.0.2.65 port 34866 ssh2
> May 31 22:51:08 ad02 sshd[2392]: pam_systemd(sshd:session): Failed to create 
> session: Activation of org.freedesktop.login1 timed out
> May 31 22:51:08 ad02 sshd[2392]: pam_unix(sshd:session): session opened for 
> user root by (uid=0)

I admit I'm getting a bit out of my depth, because I've actually never
tried this myself, only debugged on IRC with the engineer who hit the
issue first with RHEV-M. But these messages make it look like dbus or
logind failed to start for some reason. I wouldn't expect the
--enablenis --update to make a difference there -- does it also change
nsswitch.conf in any way? Are there any interesting logs in
/var/log/messages?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to