Re: [Freeipa-users] Trusted AD Users login via gdm

Wed, 12 Jun 2013 03:06:26 -0700 

On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> Dear List Members,
> 
> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> relationship to an AD-Domain.
> The users of the AD-Domain can login via ssh- or console-login. Then
> they can start the gnome desktop manually. But if they login via gdm
> they logged out immediatly.

Which name style are you using 'AD_NETBIOS\username' or
'username@AD_DOMAIN' ? If you only tried one can you try the other?

If this does not help, please send the relevant section of
/var/Log/secure and the sssd logs with a high debug level.

bye,
Sumit

> 
> In /var/log/Xorg.0.log I see many entries like
> 
> [ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12
> connected from local host ( uid=42 gid=42 pid=10962 )
>   Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14
> connected from local host ( uid=42 gid=42 pid=10962 )
>   Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected
> 
> and an entry in /var/log/messages like
> 
> Jun 12 11:18:52 ipa_hostname smbd[11154]:   Failed to find a Unix
> account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check
> failed. Rejecting auth request from client ADS machine account
> AD_DOMAIN.
> 
> Where AD_DOMAIN and AD_NETBIOS are replacements according to
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions
> 
> We need some AD user able to login via gdm to the CentOS machine.
> Can someone please tell me how to enable graphical/gdm login on the
> FreeIPA-Server for AD-Users?
> 
> thank you in advanced
> 
> Leah
> 

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to