> On Wed, 2 Oct 2013 14:32:00 +0300 (EEST) > "Jukka Tuominen" <[email protected]> wrote: > >> gdm-simple-slave[749]: WARNING: Failed to add user authorization: could >> not find user "username" on system >> ** >> ERROR:gdm-simple-slave.c:397:start_session_timeout: assertion failed: >> (auth_file != NULL) >> >> The working client machine is much faster than the others, so it can >> be a timeout issue, but then again, I never had that issue in the >> old-domain setup. The rejection happens in just about 1-2 seconds. >> >> Any ideas what could be the cause and how to fix it? > > Where is your passwd information? That is, your database of usernames > and uids and such. It just looks like one machine can resolve 'username' > to a uid, but on the other machine it cannot.
If I log in as a local unix user, then both machines can find the same information on command line. So far, all the services are on a single virtual machine to ease the development work. It now consists of a kerberos server, all openafs servers, and a libnss-afs package to pass on (afs?) metadata (+ other irrelevant services). None of the user information resides on the client side. In fact, the client machine is a read-only system, with a live-cd-type-of temporary ram-disk, and only the afs-homedirs are persistent over booting. Only the afs-cache partition survives boots to speed-up WAN connections. The two different client instances are identical (VM snapshots), and I also tried a USB memory stick boot that doesn't work anymore either. The working client runs under the same VM host as the server, so the connection is LAN. The clients that don't work are on another VM host, and neither LAN nor WAN connection work. nsswitch.conf BTW passwd: afs files group: afs files afspag shadow: files ... > > This doesn't seem to have much to do with openafs anymore. The reason why I ask this here was because when I had a faulty host-princ generated and added to the client's keytab, an authorization error was raised, similarly. So, I'm unsure whether the gdm is the source of the problem or the symptom of the authorization error elsewhere. AFAIU, afs is responsible of the authorization, am I wrong?. But if you feel this is out of the scope of this mailing list, I will seek the solution elsewhere. br, jukka > > -- > Andrew Deason > [email protected] > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
