Re: [Freeipa-users] login/su problem on ubuntu

2017-03-01 Thread Kees Bakker
Perhaps you need to add an HBAC Service for lightdm. At least, that's what
I did. And also to add that service in the HBAC rules for the hosts on which
the users may log in.

On 28-02-17 21:01, Jakub Hrozek wrote:
> On Tue, Feb 28, 2017 at 06:13:42PM +0100, Karl Forner wrote:
>> I just registered a new computer running Ubuntu to our FreeIPA system.
>> Some users (all I tried except me) are not able to log in using lightdm.
>>
>> The message on screen is "Permission denied".
>> On the system the user (joe) is created, its home directory also,  but it
>> only contains a .kde/ subdir and a .bash_history.
>>
>> On my session, if I type:
>> $sudo su - joe
>> I get:
>> su: Permission denied
>> (Ignored)
>>
>>
>> The only log file that is modified is /var/log/auth.log.
>> The relevant lines during the graphical login are:
>>
>> Feb 28 16:44:29 nyx lightdm: pam_unix(lightdm:auth): authentication
>> failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=joe
>> Feb 28 16:44:41 nyx lightdm: pam_sss(lightdm:auth): authentication success;
>> logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
>> Feb 28 16:44:41 nyx lightdm: pam_kwallet(lightdm:auth): pam_sm_authenticate
>> Feb 28 16:44:43 nyx lightdm: pam_sss(lightdm:account): Access denied for
>> user joe: 6 (Permission denied)
>> Feb 28 16:44:54 nyx lightdm: pam_succeed_if(lightdm:auth): requirement
>> "user ingroup nopasswdlogin" not met by user "joe"
>>
>> The relevant lines during the "sudo su - joe":
>> Feb 28 16:48:32 nyx su[26394]: pam_sss(su:account): Access denied for user
>> joe: 6 (Permission denied)
> You need to enable SSSD debugging:
> https://fedorahosted.org/sssd/wiki/Troubleshooting
> and check the sssd logs, probably the HBAC access control is kicking you
> out.
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
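
The symptom discussed in this thread, as an added example that is not part of any poster's message: a short Python script that finds pam_sss account-phase denials in auth.log and reports which PAM service name an HBAC rule would have to cover. The regular expressions are assumptions derived from the log lines quoted in the thread, and the host FQDN is a constructed placeholder because the thread only shows the short name nyx.

```python
import re

# Log lines quoted in the thread, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Feb 28 16:44:29 nyx lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=joe
Feb 28 16:44:41 nyx lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
Feb 28 16:44:43 nyx lightdm: pam_sss(lightdm:account): Access denied for user joe: 6 (Permission denied)
Feb 28 16:48:32 nyx su[26394]: pam_sss(su:account): Access denied for user joe: 6 (Permission denied)
"""

# pam_sss logs "module(service:phase)"; the service is the PAM service name
# that SSSD passes to the HBAC evaluation.
AUTH_OK = re.compile(
    r"pam_sss\((?P<svc>[^:()]+):auth\): authentication success;.*\buser=(?P<user>\S+)")
# Code 6 is PAM_PERM_DENIED: the account (authorization) phase refused access.
ACCT_DENY = re.compile(
    r"pam_sss\((?P<svc>[^:()]+):account\): Access denied for user (?P<user>[^:\s]+): 6 ")

def find_account_denials(log_text):
    """Return (user, pam_service, auth_succeeded_first) per account denial."""
    authed, denials = set(), []
    for line in log_text.splitlines():
        m = AUTH_OK.search(line)
        if m:
            authed.add((m["user"], m["svc"]))
            continue
        m = ACCT_DENY.search(line)
        if m:
            key = (m["user"], m["svc"])
            # True means the password was accepted and only access control
            # said no, which is the pattern an HBAC denial produces.
            denials.append((key[0], key[1], key in authed))
    return denials

def hbactest_command(user, service, host_fqdn):
    """Build the server-side check for one denied (user, service) pair."""
    return f"ipa hbactest --user={user} --host={host_fqdn} --service={service}"

if __name__ == "__main__":
    for user, svc, authed_first in find_account_denials(SAMPLE_LOG):
        print(f"{user} denied at account phase for PAM service '{svc}' "
              f"(auth success logged first: {authed_first})")
        # nyx.example.test is a constructed placeholder FQDN.
        print("  check with:", hbactest_command(user, svc, "nyx.example.test"))
```

The su entry has no preceding pam_sss auth line in the quoted log, so it is reported with the flag set to False; the denial itself is still an account-phase decision.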


Re: [Freeipa-users] login/su problem on ubuntu

2017-02-28 Thread Jakub Hrozek
On Tue, Feb 28, 2017 at 06:13:42PM +0100, Karl Forner wrote:
> I just registered a new computer running Ubuntu to our FreeIPA system.
> Some users (all I tried except me) are not able to log in using lightdm.
> 
> The message on screen is "Permission denied".
> On the system the user (joe) is created, its home directory also,  but it
> only contains a .kde/ subdir and a .bash_history.
> 
> On my session, if I type:
> $sudo su - joe
> I get:
> su: Permission denied
> (Ignored)
> 
> 
> The only log file that is modified is /var/log/auth.log.
> The relevant lines during the graphical login are:
> 
> Feb 28 16:44:29 nyx lightdm: pam_unix(lightdm:auth): authentication
> failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=joe
> Feb 28 16:44:41 nyx lightdm: pam_sss(lightdm:auth): authentication success;
> logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
> Feb 28 16:44:41 nyx lightdm: pam_kwallet(lightdm:auth): pam_sm_authenticate
> Feb 28 16:44:43 nyx lightdm: pam_sss(lightdm:account): Access denied for
> user joe: 6 (Permission denied)
> Feb 28 16:44:54 nyx lightdm: pam_succeed_if(lightdm:auth): requirement
> "user ingroup nopasswdlogin" not met by user "joe"
> 
> The relevant lines during the "sudo su - joe":
> Feb 28 16:48:32 nyx su[26394]: pam_sss(su:account): Access denied for user
> joe: 6 (Permission denied)

You need to enable SSSD debugging:
https://fedorahosted.org/sssd/wiki/Troubleshooting
and check the sssd logs, probably the HBAC access control is kicking you
out.



[Freeipa-users] login/su problem on ubuntu

2017-02-28 Thread Karl Forner
I just registered a new computer running Ubuntu to our FreeIPA system.
Some users (all I tried except me) are not able to log in using lightdm.

The message on screen is "Permission denied".
On the system the user (joe) is created, its home directory also,  but it
only contains a .kde/ subdir and a .bash_history.

On my session, if I type:
$sudo su - joe
I get:
su: Permission denied
(Ignored)


The only log file that is modified is /var/log/auth.log.
The relevant lines during the graphical login are:

Feb 28 16:44:29 nyx lightdm: pam_unix(lightdm:auth): authentication
failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=joe
Feb 28 16:44:41 nyx lightdm: pam_sss(lightdm:auth): authentication success;
logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
Feb 28 16:44:41 nyx lightdm: pam_kwallet(lightdm:auth): pam_sm_authenticate
Feb 28 16:44:43 nyx lightdm: pam_sss(lightdm:account): Access denied for
user joe: 6 (Permission denied)
Feb 28 16:44:54 nyx lightdm: pam_succeed_if(lightdm:auth): requirement
"user ingroup nopasswdlogin" not met by user "joe"

The relevant lines during the "sudo su - joe":
Feb 28 16:48:32 nyx su[26394]: pam_sss(su:account): Access denied for user
joe: 6 (Permission denied)
Feb 28 16:48:32 nyx su[26394]: pam_acct_mgmt: Permission denied
Feb 28 16:48:32 nyx su[26394]: FAILED su for joe by karl

This computer is set up exactly like a dozen others that work fine.
What could be the problem?

Thanks,
Karl Forner

P.S.
Description:Ubuntu 14.04.5 LTS
3.16.0-76-generic #98~14.04.1-Ubuntu SM