On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote: > Dear List Members, > > I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted > relationship to an AD-Domain. > The users of the AD-Domain can login via ssh- or console-login. Then > they can start the gnome desktop manually. But if they login via gdm > they logged out immediatly.
Which name style are you using 'AD_NETBIOS\username' or 'username@AD_DOMAIN' ? If you only tried one can you try the other? If this does not help, please send the relevant section of /var/Log/secure and the sssd logs with a high debug level. bye, Sumit > > In /var/log/Xorg.0.log I see many entries like > > [ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12 > connected from local host ( uid=42 gid=42 pid=10962 ) > Auth name: MIT-MAGIC-COOKIE-1 ID: 270 > [ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14 > connected from local host ( uid=42 gid=42 pid=10962 ) > Auth name: MIT-MAGIC-COOKIE-1 ID: 270 > [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected > [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected > > and an entry in /var/log/messages like > > Jun 12 11:18:52 ipa_hostname smbd[11154]: Failed to find a Unix > account for AD_NETBIOS$Failed to find a Unix account for > AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to > find a Unix account for AD_NETBIOS$Failed to find a Unix account for > AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to > find a Unix account for AD_NETBIOS$Failed to find a Unix account for > AD_NETBIOS$Failed to find a Unix account for > AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check > failed. Rejecting auth request from client ADS machine account > AD_DOMAIN. > > Where AD_DOMAIN and AD_NETBIOS are replacements according to > http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions > > We need some AD user able to login via gdm to the CentOS machine. > Can someone please tell me how to enable graphical/gdm login on the > FreeIPA-Server for AD-Users? > > thank you in advanced > > Leah > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users