Hello Sumit,
Hello List Members,

On 13.06.2013 09:18, Sumit Bose wrote:
On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
On 12.06.2013 12:03, Sumit Bose wrote:
On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
Dear List Members,

I have a FreeIPA domain on a CentOS 6.4 machine. It is in a trust
relationship with an AD domain.
The users of the AD domain can log in via ssh or console login. Then
they can start the GNOME desktop manually. But if they log in via gdm
they are logged out immediately.
Which name style are you using 'AD_NETBIOS\username' or
'username@AD_DOMAIN' ? If you only tried one can you try the other?
Until now I have tried only 'username@AD_DOMAIN', but
'AD_NETBIOS\username' does not work either.
If this does not help, please send the relevant section of
/var/log/secure and the sssd logs with a high debug level.


As far as I can see, both styles cause the same results.

Jun 12 13:27:56 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:auth): authentication failure; logname= uid=0
euid=0 tty=:0 ruser= rhost=  user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password:
pam_sss(gdm-password:auth): authentication success; logname= uid=0
euid=0 tty=:0 ruser= rhost= user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:session): session opened for user
leah@AD_DOMAIN by (uid=0)
Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
Authentication Agent for session
/org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
de_DE.UTF-8) (disconnected from bus)
Jun 12 13:27:58 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:session): session closed for user
leah@AD_DOMAIN
Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
Authentication Agent for session
/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
[/usr/libexec/polkit-gnome-authentication-agent-1], object path
/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)


Jun 12 13:32:56 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:auth): authentication failure; logname= uid=0
euid=0 tty=:0 ruser= rhost=  user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password:
pam_sss(gdm-password:auth): authentication success; logname= uid=0
euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
Jun 12 13:32:58 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:session): session opened for user
AD_NETBIOS\leah by (uid=0)
Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
Authentication Agent for session
/org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
de_DE.UTF-8) (disconnected from bus)
Jun 12 13:32:58 ipa_hostname pam: gdm-password:
pam_unix(gdm-password:session): session closed for user
AD_NETBIOS\leah
Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
Authentication Agent for session
/org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
[/usr/libexec/polkit-gnome-authentication-agent-1], object path
/org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)

Maybe the Unregistered Authentication Agent is the problem. But
what have I missed?
Do you have SELinux enabled? Can you check if there are any audit messages
with SELinux denials? Can you check if the SELinux context of the users'
home directory is right?
SELinux is disabled by setting SELINUX=disabled in /etc/sysconfig/selinux.
I did that already, to eliminate this as the source of the difficulties.
I'm sorry. Maybe I should have mentioned this earlier.

If I set it to permissive mode I get

drwxr-xr-x. leah@ad_domain    leah@ad_domain    unconfined_u:object_r:user_home_t:s0 leah
drwxr-xr-x. user_xy@ad_domain user_xy@ad_domain unconfined_u:object_r:user_home_t:s0 user_xy
...

All home directories of AD users look like this.

Thanks

Leah

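As an added example that is not part of the thread, a Python script that runs the check the /var/log/secure excerpt above invites: it keeps only the final PAM auth verdict per user (with pam_unix stacked before pam_sss, a pam_unix failure followed by a pam_sss success is the normal pattern for a domain user) and separately flags gdm-password sessions that are closed within seconds of being opened, which is the "logged out immediately" symptom. The sample log lines are constructed after the excerpt; the hostname and the year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the /var/log/secure excerpt in the
# thread (the hostname and the year 2013 are assumptions; syslog has no year).
SAMPLE_LOG = """\
Jun 12 13:27:56 ipa_hostname pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_sss(gdm-password:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=leah@AD_DOMAIN
Jun 12 13:27:57 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user leah@AD_DOMAIN by (uid=0)
Jun 12 13:27:58 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user leah@AD_DOMAIN
Jun 12 14:05:10 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session opened for user admin by (uid=0)
Jun 12 18:22:41 ipa_hostname pam: gdm-password: pam_unix(gdm-password:session): session closed for user admin
"""

# syslog timestamp, host, "pam: <service>: pam_<module>(<service>:<type>): <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ pam: (?P<service>[\w-]+): "
    r"(?P<module>pam_\w+)\((?P=service):(?P<type>\w+)\): (?P<msg>.*)$")


def _events(log_text, service, ptype, year=2013):
    """Yield (timestamp, module, message) for one PAM service and module type."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["service"] == service and m["type"] == ptype:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["module"], m["msg"]


def auth_results(log_text, service="gdm-password"):
    """Final auth verdict per user: (module that decided, success?). A pam_unix
    failure followed by a pam_sss success is normal for a domain user."""
    verdict = {}
    for _, module, msg in _events(log_text, service, "auth"):
        user = re.search(r"user=(\S+)", msg)
        if user:
            verdict[user[1]] = (module, "authentication success" in msg)
    return verdict


def short_sessions(log_text, service="gdm-password", max_seconds=2):
    """(user, seconds) for sessions closed within max_seconds of opening."""
    opened, findings = {}, []
    for ts, _, msg in _events(log_text, service, "session"):
        o = re.search(r"session opened for user (\S+)", msg)
        c = re.search(r"session closed for user (\S+)", msg)
        if o:
            opened[o[1]] = ts
        elif c and c[1] in opened:
            dur = (ts - opened.pop(c[1])).total_seconds()
            if dur <= max_seconds:
                findings.append((c[1], dur))
    return findings
```

Run it against the real file with `short_sessions(open("/var/log/secure").read())`; a user who appears in `auth_results` as a success but also in `short_sessions` has a session-phase problem (home directory, session modules, desktop startup), not an authentication one.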

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users