Hi, I've recently upgraded from FreeIPA 1.2 to 2.1. Most things are working OK, but I have a few problems:
1. I'm unable to login to a new client machine via GDM with my existing credentials. i.e. I can login on the command line and my home directory is created correctly, but GDM logins hang, with the fields greyed out until I press escape, when it returns to the login screen. The /var/log/gdm files contain: Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1400007 (Login Wind) Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed. Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1400007 (Login Wind) Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed. ==> /var/log/gdm/:0-slave.log <== pam: gdm-password[2484]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=djscott pam: gdm-password[2484]: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=djscott ==> /var/log/gdm/:0-greeter.log <== Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1400007 (Login Wind) Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed. Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1400007 (Login Wind) Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed. Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1400007 (Login Wind) Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed. Any idea what's going on here? 2. I'm having trouble migrating the user passwords. The /ipa/migration/ webpage doesn't work: "There was a problem with your request. Please, try again later." The only way I have been able to migrate user passwords is by getting them to ssh into one of the FreeIPA masters. I've read through manpages for sssd, sssd.conf, sssd-ldap, sssd-krb5 and pam_sss, and the FreeIPA and SSSD websites, but I can't find the documentation for getting SSSD to migrate passwords. Can someone point me in the correct direction? 3. The migration appears to have created a group for each user, i.e. there is a group called 'djscott' along with my user, visible via an LDAP browser. Should they exist? Is there an easy way to remove them - they don't show up in the web interface or command line, just the LDAP browser. 4. The old ipausers group had ID 1002, which now does not exist, resulting in an annoying "id: cannot find name for group ID 1002" whenever I ssh to another system. Is there a simple way to change the GID for all users who have the old ID to have the new ID? I've created a temporary ipausers-legacy group with ID 1002 to eliminate the error temporarily. I think that's it for now.... :) Thanks, Dan Scott http://danieljamesscott.org/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
