Re: [Freeipa-users] freeipa and gdm
Yes! reboot works. Thanks a lot.

George

> From: Simo Sorce
> To: george he
> Cc: Stephen Gallagher; "freeipa-users@redhat.com"
> Sent: Monday, June 25, 2012 2:39 PM
> Subject: Re: [Freeipa-users] freeipa and gdm
>
> On Mon, 2012-06-25 at 10:41 -0700, george he wrote:
>> Hi Stephen,
>>
>> I already have a home directory which was created the first time I ssh
>> in.
>> Now when I click on "sign in", nothing happens...
>
> I've encountered this recently as well, apparently GDM uses some service
> that misbehaves when nsswitch.conf is changed.
> It used to be simple to fix that by forcing a restart of GDM (I used to
> ctrl+alt+backspace once after install of sssd/ipa), but on my recent F17
> it didn't work.
> I suspect some stuff has been moved to a helper that is not restarted
> when gdm restarts.
> A reboot fixed it for me.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 10:41 -0700, george he wrote:
> Hi Stephen,
>
> I already have a home directory which was created the first time I ssh
> in.
> Now when I click on "sign in", nothing happens...

I've encountered this recently as well, apparently GDM uses some service
that misbehaves when nsswitch.conf is changed.
It used to be simple to fix that by forcing a restart of GDM (I used to
ctrl+alt+backspace once after install of sssd/ipa), but on my recent F17
it didn't work.
I suspect some stuff has been moved to a helper that is not restarted
when gdm restarts.
A reboot fixed it for me.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 11:09 -0700, george he wrote:
> Hi Stephen,
>
> Here are the lines from /var/log/messages. It seems there's some info,
> but I don't understand it...
...
> Jun 25 14:03:53 mz dbus-daemon[775]: dbus[775]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.0" (uid=0 pid=728 comm="/usr/lib/systemd/systemd-logind ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.21" (uid=42 pid=1183 comm="/usr/bin/gnome-session -f ")
> Jun 25 14:03:53 mz dbus[775]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.0" (uid=0 pid=728 comm="/usr/lib/systemd/systemd-logind ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.21" (uid=42 pid=1183 comm="/usr/bin/gnome-session -f ")

This is probably the cause of the issue, but I don't know why it's
happening. Someone who understands GDM and systemd better than I do
would have to step in here.
Re: [Freeipa-users] freeipa and gdm
Hi Stephen,

Here are the lines from /var/log/messages. It seems there's some info, but I don't understand it...

Jun 25 13:53:37 mz dbus-daemon[775]: dbus[775]: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Jun 25 13:53:37 mz dbus[775]: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Jun 25 13:53:37 mz dbus-daemon[775]: Launching FprintObject
Jun 25 13:53:37 mz dbus-daemon[775]: dbus[775]: [system] Successfully activated service 'net.reactivated.Fprint'
Jun 25 13:53:37 mz dbus[775]: [system] Successfully activated service 'net.reactivated.Fprint'
Jun 25 13:53:37 mz dbus-daemon[775]: ** Message: D-Bus service launched with name: net.reactivated.Fprint
Jun 25 13:53:37 mz dbus-daemon[775]: ** Message: entering main loop
Jun 25 13:54:08 mz dbus-daemon[775]: ** Message: No devices in use, exit
Jun 25 14:03:53 mz dbus-daemon[775]: dbus[775]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.0" (uid=0 pid=728 comm="/usr/lib/systemd/systemd-logind ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.21" (uid=42 pid=1183 comm="/usr/bin/gnome-session -f ")
Jun 25 14:03:53 mz dbus[775]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.0" (uid=0 pid=728 comm="/usr/lib/systemd/systemd-logind ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.21" (uid=42 pid=1183 comm="/usr/bin/gnome-session -f ")

Your help is appreciated.

George

> From: Stephen Gallagher
> To: george he
> Cc: "freeipa-users@redhat.com"
> Sent: Monday, June 25, 2012 1:58 PM
> Subject: Re: [Freeipa-users] freeipa and gdm
>
> On Mon, 2012-06-25 at 10:55 -0700, george he wrote:
>> Hi Stephen,
>> selinux was set to permissive before I installed the client. ( I
>> modified the file /etc/sysconfig/selinex)
>
> Modifying that file without a reboot does not change the current state.
> That only tells the kernel whether to boot with SELinux enabled.
>
> I suggest looking at /var/log/messages for other possible failures as
> well. From /var/log/secure, SSSD is authenticating successfully, so the
> failure is happening in GDM somewhere.
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 10:55 -0700, george he wrote:
> Hi Stephen,
> selinux was set to permissive before I installed the client. ( I
> modified the file /etc/sysconfig/selinex)

Modifying that file without a reboot does not change the current state.
That only tells the kernel whether to boot with SELinux enabled.

I suggest looking at /var/log/messages for other possible failures as
well. From /var/log/secure, SSSD is authenticating successfully, so the
failure is happening in GDM somewhere.
Re: [Freeipa-users] freeipa and gdm
Hi Stephen,

selinux was set to permissive before I installed the client. ( I modified the file /etc/sysconfig/selinex)
So it cannot be the reason.

Thanks,
George

> From: Stephen Gallagher
> To: george he
> Cc: "freeipa-users@redhat.com"
> Sent: Monday, June 25, 2012 1:42 PM
> Subject: Re: [Freeipa-users] freeipa and gdm
>
> On Mon, 2012-06-25 at 10:41 -0700, george he wrote:
>> Hi Stephen,
>>
>> I already have a home directory which was created the first time I ssh
>> in.
>> Now when I click on "sign in", nothing happens...
>
> Just to experiment, try 'setenforce 0' as root and then try to log in.
> SELinux could be denying you.
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 10:41 -0700, george he wrote:
> Hi Stephen,
>
> I already have a home directory which was created the first time I ssh
> in.
> Now when I click on "sign in", nothing happens...

Just to experiment, try 'setenforce 0' as root and then try to log in.
SELinux could be denying you.
Re: [Freeipa-users] freeipa and gdm
Hi Stephen,

I already have a home directory which was created the first time I ssh in.
Now when I click on "sign in", nothing happens...

Thanks,
George

> From: Stephen Gallagher
> To: george he
> Cc: "freeipa-users@redhat.com"
> Sent: Monday, June 25, 2012 1:30 PM
> Subject: Re: [Freeipa-users] freeipa and gdm
>
> On Mon, 2012-06-25 at 10:25 -0700, george he wrote:
>> Hello Stephen,
>>
>> this is what is in the log file:
>>
>> Jun 25 13:22:10 mz gdm-password][21545]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe
>> Jun 25 13:22:11 mz gdm-password][21545]: pam_sss(gdm-password:auth): authentication success; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe
>
> According to that, SSSD successfully authenticated the user, but you
> still didn't get logged in? I'll bet that means you don't have your
> system set up to create home directories on first login automatically.
>
> If you run ipa-client-install with the --mkhomedir option when
> configuring the client, it will set this up for you. If you want to
> change it after the fact, do this:
>
> authconfig --update --enable-mkhomedir
>
> That should do the trick.
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 10:25 -0700, george he wrote:
> Hello Stephen,
>
> this is what is in the log file:
>
> Jun 25 13:22:10 mz gdm-password][21545]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe
> Jun 25 13:22:11 mz gdm-password][21545]: pam_sss(gdm-password:auth): authentication success; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe

According to that, SSSD successfully authenticated the user, but you
still didn't get logged in? I'll bet that means you don't have your
system set up to create home directories on first login automatically.

If you run ipa-client-install with the --mkhomedir option when
configuring the client, it will set this up for you. If you want to
change it after the fact, do this:

authconfig --update --enable-mkhomedir

That should do the trick.
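
Added example, not part of the original thread: a small parser that applies the reading given in the message above to /var/log/secure, grouping PAM auth results by login attempt so a pam_unix failure followed by a pam_sss success shows up as one authenticated attempt. The function name and the "alice" lines are constructed for illustration, and treating any module success as "authenticated" assumes the modules are stacked as alternatives (as in a typical SSSD client setup).

```python
import re
from collections import defaultdict

# The first two lines are the ones quoted in the thread; the "alice" lines
# are constructed for this example (both modules reject the password).
SAMPLE = [
    "Jun 25 13:22:10 mz gdm-password][21545]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe",
    "Jun 25 13:22:11 mz gdm-password][21545]: pam_sss(gdm-password:auth): authentication success; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe",
    "Jun 25 13:30:02 mz gdm-password][30001]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=alice",
    "Jun 25 13:30:03 mz gdm-password][30001]: pam_sss(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=alice",
]

# Matches "[pid]: pam_<module>(<service>:auth): authentication <result>; ... user=<name>".
# \buser= skips "ruser=" because there is no word boundary inside "ruser".
PAM_AUTH = re.compile(
    r"\[(?P<pid>\d+)\]: (?P<module>pam_\w+)\((?P<service>[\w-]+):auth\): "
    r"authentication (?P<result>success|failure);.*\buser=(?P<user>\S+)"
)

def summarize_auth(lines):
    """Group PAM auth results by (service, pid, user), i.e. per login attempt."""
    attempts = defaultdict(lambda: {"success": [], "failure": []})
    for line in lines:
        m = PAM_AUTH.search(line)
        if m:
            key = (m["service"], m["pid"], m["user"])
            attempts[key][m["result"]].append(m["module"])
    report = {}
    for key, res in attempts.items():
        report[key] = {
            # Assumption: one accepting module is enough (alternative modules).
            "authenticated": bool(res["success"]),
            "accepted_by": res["success"],
            "rejected_by": res["failure"],
        }
    return report

if __name__ == "__main__":
    for (service, pid, user), r in summarize_auth(SAMPLE).items():
        print(service, pid, user, r)
```

An attempt reported as authenticated that still produces no desktop session points past PAM authentication, which is where the rest of this thread goes looking.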
Re: [Freeipa-users] freeipa and gdm
Hello Stephen,

this is what is in the log file:

Jun 25 13:22:10 mz gdm-password][21545]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe
Jun 25 13:22:11 mz gdm-password][21545]: pam_sss(gdm-password:auth): authentication success; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=jhe

and this is the sssd version:
sssd-1.8.4-13.fc17.x86_64

Thanks,
George

> From: Stephen Gallagher
> To: george he
> Cc: "freeipa-users@redhat.com"
> Sent: Monday, June 25, 2012 1:07 PM
> Subject: Re: [Freeipa-users] freeipa and gdm
>
> On Mon, 2012-06-25 at 09:52 -0700, george he wrote:
>> Hello,
>> I have a server and a few clients set up. I can ssh to the server or
>> clients. But there's no entry on the console gdm for ipa user, and I
>> cannot login by choosing "others" either.
>> What do I need to set up for gdm log on? I searched the docs but
>> didn't find any...
>
> Entries do not appear on the GDM login until you have logged in at least
> once by choosing "others". I'm concerned that this is not working,
> however.
>
> Can you do
> 'tail -n0 -f /var/log/secure' in a root shell while attempting to log in
> through GDM and then show us what it says?
>
> Also, please tell us what version of SSSD is installed on your system
> (you can find out with 'rpm -q sssd')
Re: [Freeipa-users] freeipa and gdm
On Mon, 2012-06-25 at 09:52 -0700, george he wrote:
> Hello,
> I have a server and a few clients set up. I can ssh to the server or
> clients. But there's no entry on the console gdm for ipa user, and I
> cannot login by choosing "others" either.
> What do I need to set up for gdm log on? I searched the docs but
> didn't find any...

Entries do not appear on the GDM login until you have logged in at least
once by choosing "others". I'm concerned that this is not working,
however.

Can you do
'tail -n0 -f /var/log/secure' in a root shell while attempting to log in
through GDM and then show us what it says?

Also, please tell us what version of SSSD is installed on your system
(you can find out with 'rpm -q sssd')
[Freeipa-users] freeipa and gdm
Hello,

I have a server and a few clients set up. I can ssh to the server or clients. But there's no entry on the console gdm for ipa user, and I cannot login by choosing "others" either.
What do I need to set up for gdm log on? I searched the docs but didn't find any...

Thanks,
George