On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
> > 
> > > 
> > > Does the problem go away if you set:
> > > selinux_provider = none
> 
> Sorry, no. Also the "No SELinux user maps found!" didn't go away.
> 
> At "Apr  5 13:46:22" I was denied access again by pam_access, and then
> seconds later I could log in:
> 
>       Apr  5 13:46:22 ipa2 sshd[15417]: pam_access(sshd:account): access 
> denied for user `janfrode' from `login2.example.com'
>       Apr  5 13:46:29 ipa2 sshd[15423]: pam_unix(sshd:session): session 
> opened for user janfrode by (uid=0)
>       Apr  5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for 
> user root by janfrode(uid=15019)
> 
> debug=6 logs attached. Any other suggestions?

I tried a similar case locally and everything worked for me. In the
domain log I saw:

[sssd[be[idm.lab.bos.redhat.com]]] [be_pam_handler_callback] (0x0400): SELinux 
provider doesn't exist, not sending the request to it

when I set selinux_provider=none.

What exact SSSD version is this?

Can you paste the domain section of the sssd.conf?

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to