On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
> > >
> > > Does the problem go away if you set:
> > > selinux_provider = none
> Sorry, no. Also the "No SELinux user maps found!" didn't go away.
> At "Apr 5 13:46:22" I was denied access again by pam_access, and then
> seconds later I could log in:
> Apr 5 13:46:22 ipa2 sshd: pam_access(sshd:account): access
> denied for user `janfrode' from `login2.example.com'
> Apr 5 13:46:29 ipa2 sshd: pam_unix(sshd:session): session
> opened for user janfrode by (uid=0)
> Apr 5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for
> user root by janfrode(uid=15019)
> debug=6 logs attached. Any other suggestions?
I tried a similar case locally and everything worked for me. In the
domain log I saw:
[sssd[be[idm.lab.bos.redhat.com]]] [be_pam_handler_callback] (0x0400): SELinux
provider doesn't exist, not sending the request to it
when I set selinux_provider=none.
What exact SSSD version is this?
Can you paste the domain section of the sssd.conf?
Freeipa-users mailing list