Am Tue, Aug 10, 2021 at 10:28:09AM +0000 schrieb Christopher Lamb: > Hi Sumit > > Thanks, that was it! The freeipa user(s) did not have home directories. > > I have now manually created the directory /home/lamb, changed the ownership to > lamb with chown, and now I can login with the freeipa-user. > > Did I miss an obvious error message in the logs?
Hi, the SSSD logs were all fine, I would suggest to check the general system logs and look for error from gdm or other Gnome components. Btw, while it might be ok on freeipa servers to create home directories manually since typically not all users should access the server, on clients this might be cumbersome. There is the '--mkhomedir' option for ipa-client-install to tell the system to create the home directories automatically during the first login. HTH bye, Sumit > > Cheers > > > ----- Original message ----- > From: "Sumit Bose via FreeIPA-users" > <[email protected]> > To: [email protected] > Cc: "Sumit Bose" <[email protected]> > Subject: [EXTERNAL] [Freeipa-users] Re: Cannot log in to Federoa Desktop > GUI with FreeIPA user. > Date: Tue, Aug 10, 2021 12:05 PM > > Am Tue, Aug 10, 2021 at 08:47:55AM +0000 schrieb Christopher Lamb via > FreeIPA-users: > > Hi > > > > I am attempting to set up a Single Sign On (SSO) development environment > in a > > Fedora 34 Virtual Machine on my laptop. > > > > I have successfully installed and configured freeipa-server, and can > create > > freeipa users both on the CLI, and via the Web UI. —> OK. > > > > I can both “kinit” and “su” to the freeipa users —> OK. This implies > that > that > > the users can be successfully authenticated, password is correct etc. > > > > However I cannot log in to the Fedora Desktop (Gnome) of the VM running > > freeipa-server with the freeipa users. —> NOT OK. > > > > I do get the “last log in" + date message displayed, then it returns to > the > > login dialog without displaying any error message. > > > > The “last log in” message suggests that authentication was successful, > but > > something after that has a worm in it. > > Hi, > > are you using pam_oddjob_mkhomedir.so or have you checked if there is a > home directory for the user? > > HTH > > bye, > Sumit > > > > > My setup is: > > VM Fedora Linux 34, freeipa-server 4.9.6, sssd 2.5.2 > > VM Host: macOS Big Sur 11.4 Parallels Desktop Pro Version 16.5.1 (49187) > > > > > > I found this issue https://bugzilla.redhat.com/show_bug.cgi?id=1837749 > where > > the user also cannot login, but for Active Directory users. My users are > plain > > vanilla freeipa. > > > > I have attached an extract from the sssd_acme.org.log at the time of > login > > attempt (09:40:10) The user is "lamb". > > > > Any ideas? > > > > Chris > > > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > > To unsubscribe send an email to > [email protected] > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/ > code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedorahosted.org/archives/list/ > [email protected] > > Do not reply to spam on the list, report it: https://pagure.io/ > fedora-infrastructure > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/ > code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/ > [email protected] > Do not reply to spam on the list, report it: https://pagure.io/ > fedora-infrastructure > > > > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
