On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
> > 
> > > 
> > > Does the problem go away if you set:
> > > selinux_provider = none
> 
> Sorry, no. Also the "No SELinux user maps found!" didn't go away.
> 
> At "Apr  5 13:46:22" I was denied access again by pam_access, and then
> seconds later I could log in:
> 
>       Apr  5 13:46:22 ipa2 sshd[15417]: pam_access(sshd:account): access 
> denied for user `janfrode' from `login2.example.com'
>       Apr  5 13:46:29 ipa2 sshd[15423]: pam_unix(sshd:session): session 
> opened for user janfrode by (uid=0)
>       Apr  5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for 
> user root by janfrode(uid=15019)
> 
> debug=6 logs attached. Any other suggestions?

It's still the same error. I would expect not to see this function:
[sssd[be[example]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user 
mapping
being called at all if selinux_provider is set to none.

I will test this case locally again with the same version as you do. A
definite workaround would be to create the SELinux config object on the
server side.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to