[Freeipa-users] Trusted AD Users login via gdm
Sumit Bose
sbose at redhat.com
Wed Jun 12 10:03:29 UTC 2013
On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> Dear List Members,
>
> I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> relationship to an AD-Domain.
> The users of the AD-Domain can login via ssh- or console-login. Then
> they can start the gnome desktop manually. But if they login via gdm
> they are logged out immediately.
Which name style are you using, 'AD_NETBIOS\username' or
'username@AD_DOMAIN'? If you only tried one, can you try the other?
If this does not help, please send the relevant section of
/var/log/secure and the sssd logs with a high debug level.
bye,
Sumit
>
> In /var/log/Xorg.0.log I see many entries like
>
> [ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12
> connected from local host ( uid=42 gid=42 pid=10962 )
> Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14
> connected from local host ( uid=42 gid=42 pid=10962 )
> Auth name: MIT-MAGIC-COOKIE-1 ID: 270
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected
> [ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected
>
> and an entry in /var/log/messages like
>
> Jun 12 11:18:52 ipa_hostname smbd[11154]: Failed to find a Unix
> account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to
> find a Unix account for AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$Failed to find a Unix account for
> AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check
> failed. Rejecting auth request from client ADS machine account
> AD_DOMAIN.
>
> Where AD_DOMAIN and AD_NETBIOS are replacements according to
> http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions
>
> We need some AD user able to login via gdm to the CentOS machine.
> Can someone please tell me how to enable graphical/gdm login on the
> FreeIPA-Server for AD-Users?
>
> Thank you in advance
>
> Leah