[Freeipa-users] diskless workstations in an IPA domain
Jakub Hrozek
jhrozek at redhat.com
Fri Oct 14 08:02:20 UTC 2016
On Fri, Oct 14, 2016 at 09:44:11AM +0200, Sumit Bose wrote:
> On Fri, Oct 14, 2016 at 12:41:23AM +0200, Jacquelin Charbonnel wrote:
> > Thank you for this information. Yes, /tmp is writable.
> >
> > My problem is : access are sometimes definitively refused for random user
> > who wants to log in diskless workstations.
> > But if this banned user tries to connect to the single machine which mounts
> > the fs in rw mode, it's work, and this solve immediately its problem on all
> > the other stateless machines !? Strange...
>
> Maybe it is the selinux_provider, iirc at least in older version it used
> to write some data somewhere below /etc/selinux/. You can easily test
> this by setting 'selinux_provider = none' in the domain section in
> ssd.conf.
Aah, that's probably it. We no longer write to the directory directly,
but we call libsemanage functions that do.
More information about the Freeipa-users
mailing list