[Freeipa-users] I integrated IPA server with AD but AD users cannot log in on the Linux server?
alireza baghery
baghery.jone at gmail.com
Wed Aug 20 11:45:14 UTC 2014
Hi,
Having a particularly weird problem. We have moved from AD (Windows 2008 R2)
to IPA server (CentOS 6.5), and I integrated IPA with AD.
The Linux machine is joined to IPA and the Windows machine is joined to AD.
AD users can log in in CLI mode on the Linux system (CentOS 6.5)
but cannot log in in GUI mode.
Error messages in file /var/log/security:
----------------------------------------------------------------------------------
pam: gdm-password[2685]: pam_unix(gdm-password:auth): authentication failure: logname= uid=0 euid=0 tty=:0 ruser= rhost= rhost= user=sallea at AD
pam: gdm-password[2685]: pam_sss(gdm-password:auth): user info message: your password will expire in 40 day
pam: gdm-password[2685]:pam_sss(gdm-password:auth): authenticate success: logname= uid=0 euid=0 tty=:0 ruser= rhost= rhost= user=sallea at AD
pam: gdm-password[2685]:pam_unix (gdm-password:session): session opened for user sallea at AD by (uid=0)
polkitd(authority=local): Unregistered Authentication
Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus
name :1.116 , object path /org/gnome/PolcyKit1/AuthenticationAgent,
- Ignored:
local en_US) (disconnected from bus)
pam: gdm-password[2685]: pam_unix (gdm-password:session): session closed for user sallea at AD
------------------------------------------------------
And the content of file /etc/pam.d/password-auth:
-----------------------------------
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session require pam_sss.so
--------------------------------------
How can I solve this problem?
Thanks