On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
> > >
> > > Does the problem go away if you set:
> > > selinux_provider = none
> Sorry, no. Also the "No SELinux user maps found!" didn't go away.
> At "Apr 5 13:46:22" I was denied access again by pam_access, and then
> seconds later I could log in:
> Apr 5 13:46:22 ipa2 sshd: pam_access(sshd:account): access
> denied for user `janfrode' from `login2.example.com'
> Apr 5 13:46:29 ipa2 sshd: pam_unix(sshd:session): session
> opened for user janfrode by (uid=0)
> Apr 5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for
> user root by janfrode(uid=15019)
> debug=6 logs attached. Any other suggestions?
It's still the same error. I would expect not to see this function:
[sssd[be[example]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user
being called at all if selinux_provider is set to none.
I will test this case locally again with the same version as you do. A
definite workaround would be to create the SELinux config object on the
Freeipa-users mailing list