<html> <head> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"> </head> <body text="#000000" bgcolor="#FFFFFF"> Dear List Members, I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted relationship to an AD-Domain. The users of the AD-Domain can login via ssh- or console-login. Then they can start the gnome desktop manually. But if they login via gdm they logged out immediatly. In /var/log/Xorg.0.log I see many entries like [ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12 connected from local host ( uid=42 gid=42 pid=10962 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270 [ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14 connected from local host ( uid=42 gid=42 pid=10962 ) Auth name: MIT-MAGIC-COOKIE-1 ID: 270 [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected and an entry in /var/log/messages like Jun 12 11:18:52 ipa_hostname smbd[11154]: Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client ADS machine account AD_DOMAIN. Where AD_DOMAIN and AD_NETBIOS are replacements according to <a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions">http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions</a> We need some AD user able to login via gdm to the CentOS machine. Can someone please tell me how to enable graphical/gdm login on the FreeIPA-Server for AD-Users? thank you in advanced Leah </body> </html>