<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dear List Members,<br>
<br>
I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
relationship to an AD-Domain.<br>
The users of the AD-Domain can login via ssh- or console-login. Then
they can start the gnome desktop manually. But if they login via gdm
they logged out immediatly.<br>
<br>
In /var/log/Xorg.0.log I see many entries like<br>
<br>
<font face="Courier New, Courier, monospace">[ 88837.701] AUDIT: Wed
Jun 12 10:56:57 2013: 10913: client 12 connected from local host (
uid=42 gid=42 pid=10962 )<br>
Auth name: MIT-MAGIC-COOKIE-1 ID: 270<br>
[ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14
connected from local host ( uid=42 gid=42 pid=10962 )<br>
Auth name: MIT-MAGIC-COOKIE-1 ID: 270<br>
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14
disconnected<br>
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12
disconnected<br>
</font><br>
and an entry in /var/log/messages like<br>
<br>
<font face="Courier New, Courier, monospace">Jun 12 11:18:52
ipa_hostname smbd[11154]: Failed to find a Unix account for
AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
find a Unix account for AD_NETBIOS$Failed to find a Unix account
for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed
to find a Unix account for AD_NETBIOS$Failed to find a Unix
account for AD_NETBIOS$Failed to find a Unix account for
AD_NETBIOS$Failed to find a Unix account for
AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check
failed. Rejecting auth request from client ADS machine account
AD_DOMAIN.<br>
</font><br>
Where <font face="Courier New, Courier, monospace">AD_DOMAIN </font>and
<font face="Courier New, Courier, monospace">AD_NETBIOS </font>are
replacements according to
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions">http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions</a><br>
<br>
We need some AD user able to login via gdm to the CentOS machine.<br>
Can someone please tell me how to enable graphical/gdm login on the
FreeIPA-Server for AD-Users?<br>
<br>
thank you in advanced<br>
<br>
Leah<br>
<br>
</body>
</html>