[Freeipa-users] Trusted AD Users login via gdm

Sumit Bose sbose at redhat.com
Thu Jun 13 07:18:14 UTC 2013


On Wed, Jun 12, 2013 at 02:04:33PM +0200, Leah Zimmermann wrote:
> On 12.06.2013 12:03, Sumit Bose wrote:
> >On Wed, Jun 12, 2013 at 11:42:23AM +0200, Leah Zimmermann wrote:
> >>Dear List Members,
> >>
> >>I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted
> >>relationship to an AD-Domain.
> >>The users of the AD-Domain can log in via ssh- or console-login. Then
> >>they can start the gnome desktop manually. But if they log in via gdm
> >>they are logged out immediately.
> >Which name style are you using, 'AD_NETBIOS\username' or
> >'username at AD_DOMAIN'? If you only tried one, can you try the other?
> Until now I tried only 'username at AD_DOMAIN', but
> 'AD_NETBIOS\username' does not work either.
> >
> >If this does not help, please send the relevant section of
> >/var/log/secure and the sssd logs with a high debug level.
> >
> >
> As far as I can see, both styles cause the same results.
> 
> Jun 12 13:27:56 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> euid=0 tty=:0 ruser= rhost=  user=leah at AD_DOMAIN
> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> pam_sss(gdm-password:auth): authentication success; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=leah at AD_DOMAIN
> Jun 12 13:27:57 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session opened for user
> leah at AD_DOMAIN by (uid=0)
> Jun 12 13:27:57 ipa_hostname polkitd(authority=local): Unregistered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session25 (system bus name :1.265,
> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> de_DE.UTF-8) (disconnected from bus)
> Jun 12 13:27:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session closed for user
> leah at AD_DOMAIN
> Jun 12 13:27:59 ipa_hostname polkitd(authority=local): Registered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275
> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> 
> 
> Jun 12 13:32:56 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:auth): authentication failure; logname= uid=0
> euid=0 tty=:0 ruser= rhost=  user=AD_NETBIOS\leah
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_sss(gdm-password:auth): authentication success; logname= uid=0
> euid=0 tty=:0 ruser= rhost= user=AD_NETBIOS\leah
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session opened for user
> AD_NETBIOS\leah by (uid=0)
> Jun 12 13:32:58 ipa_hostname polkitd(authority=local): Unregistered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session27 (system bus name :1.275,
> object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
> de_DE.UTF-8) (disconnected from bus)
> Jun 12 13:32:58 ipa_hostname pam: gdm-password:
> pam_unix(gdm-password:session): session closed for user
> AD_NETBIOS\leah
> Jun 12 13:32:59 ipa_hostname polkitd(authority=local): Registered
> Authentication Agent for session
> /org/freedesktop/ConsoleKit/Session29 (system bus name :1.285
> [/usr/libexec/polkit-gnome-authentication-agent-1], object path
> /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
> 
> Maybe the Unregistered Authentication Agent is the problem. But
> what have I missed doing?

Do you have SELinux enabled? Can you check if there are any audit messages
with SELinux denials? Can you check if the SELinux context of the user's
home directory is right?

bye,
Sumit
> 
> Thanks
> 
> Leah
