On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote: > On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote: > > > > > > > > Does the problem go away if you set: > > > selinux_provider = none > > Sorry, no. Also the "No SELinux user maps found!" didn't go away. > > At "Apr 5 13:46:22" I was denied access again by pam_access, and then > seconds later I could log in: > > Apr 5 13:46:22 ipa2 sshd: pam_access(sshd:account): access > denied for user `janfrode' from `login2.example.com' > Apr 5 13:46:29 ipa2 sshd: pam_unix(sshd:session): session > opened for user janfrode by (uid=0) > Apr 5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for > user root by janfrode(uid=15019) > > debug=6 logs attached. Any other suggestions?
It's still the same error. I would expect not to see this function: [sssd[be[example]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user mapping being called at all if selinux_provider is set to none. I will test this case locally again with the same version as you do. A definite workaround would be to create the SELinux config object on the server side. _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users