[Freeipa-users] reboot required after ipa-client-install?

Dmitri Pal dpal at redhat.com
Thu Nov 7 22:41:31 UTC 2013 

On 11/07/2013 12:59 PM, Dean Hunter wrote:
> On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
>> On 11/07/2013 12:21 PM, Dean Hunter wrote:
>>> On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
>>>> On Wed, 06 Nov 2013, Dean Hunter wrote:
>>>>
>>>> >After building a new VM and configuring the IPA 3.3.2 client, Gnome
>>>> >seems to only perform a local log-in until the system is rebooted. SSH
>>>> >works with IPA, but not Gnome. Is this correct? Is there anything less
>>>> >disruptive than a reboot that I can do?
>>>
>>>> Restart gdm.service?
>>>> I'm not sure how gdm handles PAM auth.
>>>
>>> I have tried:
>>>
>>>     ipa-client-install ...
>>>     systemctl restart gdm.service
>>>
>>> but the behavior remains the same. The Gnome log in screen accepts
>>> the user name, pauses about 25 seconds, then displays the log in
>>> screen again without any messages or indication of a problem. This
>>> is the same behavior I see when entering an incorrect local user
>>> name before configuring IPA.
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Can it be a DIR cache issue and the fact that the directory can't is
>> not created at proper time?
>
> Which directory, please?

If you are hitting the DIR cache issue (which I am not sure is the case
this is why I asked about AVCs) then the directory we are talking about
is /var/run/usr/<uid>
This directory should be created by kerberos library when it tries to
authenticate a user. But it might not be able to since a parent
directory /var/run/usr might not be created yet. This is one of the
reasons why we decided not to continue the path of DIR cache but
switched to using Kernel based ccache.


>
>> Do you see any AVCs?

Question still stands.


>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131107/f4d85cb9/attachment.htm>

More information about the Freeipa-users mailing list