[Freeipa-users] new freeipa user
Rob Crittenden
rcritten at redhat.com
Thu Feb 26 18:14:15 UTC 2009
Natxo Asenjo wrote:
> On Thu, Feb 26, 2009 at 4:20 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>> Natxo Asenjo wrote:
>
>>> I have so far only run into a problem and that is the auto creation of
>>> home dirs on the firs login. I used the authenthication configuration
>>> gui from fedora10 on the ipaclient and checked the option to
>>> auto-create homedirs but that doesn't work. There is a selinux error:
>>>
>>> Feb 25 23:28:47 ipaclient01 setroubleshoot: SELinux is preventing sshd
>>> (sshd_t) "write" to ./home (home_root_t). For complete SELinux
>>> messages. run sealert -l 2f194ec1-0764-48b0-b66c-d84734105283
>>> apparently the pam_mkhomedir.so is not allowed to work with selinux.
>>> Any workarounds?
>> It would be helpful to see the sealert output for this error. We may be able
>> to include a generic fix in IPA, or pass this by the SELinux guys to see
>> what they think.
>
> ok, the output of sealert -l 2f194ec1-0764-48b0-b66c-d84734105283
>
> Summary:
>
> SELinux is preventing sshd (sshd_t) "write" to ./home (home_root_t).
I'll check with some SELinux folks to see what they think. Thanks for
the detailed report.
rob
More information about the Freeipa-users
mailing list