On Tue, Sep 20, 2016 at 03:37:27PM -0000, niger niger wrote:
> I seting up fedora (24), using wiki.
> https://fedorahosted.org/sssd/wiki/DesignDocs/SmartcardAuthenticationTestingWithAD
> Every thing going ok, and i can use login and password. But if i'll try to 
> use smart card, nothing hapent in gdm logon screen.

So far I basically tested gdm on CentOS/RHEL which iirc have some
different defaults then Fedora with respect to gdm and Smartcards.

To make sure Smartcard authentication works in general I would like to
ask you to check if the login on the text console will ask you for the
Smartcard PIN or if 'su - aduser@ad.domain' will ask for the PIN (please
do not run the su command as root because this will skip all
authentication).

If there is no PIN prompt please add debug_level=10 to the [pam] section
in sssd.conf, restart SSSD, re-run the su or text console test and send
me the sssd_pam.log and p11_child.log files. Please see
https://fedorahosted.org/sssd/wiki/Troubleshooting for details.

HTH

bye,
Sumit

> 
> pkcs11-tool --module my_pkcs11_module.so --slot 0 --list-objects -l  
> ask my pin, and after show my certs and keys
> 
> /usr/libexec/sssd/p11_child --pre -d 10 --debug-fd=2 --nssdb=/etc/pki/nssdb
> return public key of my cert.
> 
> /etc/pam.d/smartcard-auth-ac
> auth   sufficient   pam_sss allow_missing_name
> 
> in log, cant see any intresting about inserting my token.
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to