Am 2017-11-21 11:26, schrieb Jakub Hrozek via FreeIPA-users:
On Tue, Nov 21, 2017 at 08:36:16AM +0100, Ray via FreeIPA-users wrote:
Hi,

yesterday I noticed a strange issue on a Centos 7 client running
ipa-client-4.5.0-21.el7.centos.2.2.x86_64:

My daughter tried to log in to the machine and was kicked out again after GNOME failed to load (/home on kerberized NFS4). Closer inspection showed that she had no permission to access her home directory, so GNOME was unable
to read its settings.

This worked before.

I asked her to log into a text console. She got / as her home directory, as
again, she was unable to access her actual home directory.

I checked with klist that she got a ticket. All seemed fine there (TGT
present).

Tried 'cd' again: Permission denied.

Then I asked her to kinit once more. She hacken in her password again and
got a new ticket.

Tried 'cd' again, et voila!: It cding to her NFS4 home directory worked
immediately.


Questions:
- What could be the reason for this behaviour? The box was freshly booted
and I don't see what might have been wrong with the first ticket.
- Where should I look (which logs, etc.) to investigate this further?

Does the faulty user account come from the IPA domain or a trusted AD domain?

I'm running FreeIPA 4.5 with four repicas on CentOS 7. No AD around anywhere.

Server version: ipa-server-4.5.0-21.el7.centos.2.2.x86_64

Another weird thing is that I was able to log in without issues on the same client when my daughter couldn't. My account comes from the same group of FreeIPA Servers/replicas.

Best,
Ray
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to