[Freeipa-users] login/su problem on ubuntu
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 28 20:01:53 UTC 2017
On Tue, Feb 28, 2017 at 06:13:42PM +0100, Karl Forner wrote:
> I just registered a new computer running ubuntu to our freeIPA system.
> Some users (all I tried except me) are not able to login using lightdm.
>
> The message on screen is "Permission denied".
> On the system the user (joe) is created, its home directory also, but it
> only contains a .kde/ subdir and a .bash_history.
>
> On my session, if I type:
> $sudo su - joe
> I get:
> su: Permission denied
> (Ignored)
>
>
> The only log file that is modified is /var/log/auth.log.
> The relevant lines during the graphical login are:
>
> Feb 28 16:44:29 nyx lightdm: pam_unix(lightdm:auth): authentication
> failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
> Feb 28 16:44:41 nyx lightdm: pam_sss(lightdm:auth): authentication success;
> logname= uid=0 euid=0 tty=:0 ruser= rhost= user=joe
> Feb 28 16:44:41 nyx lightdm: pam_kwallet(lightdm:auth): pam_sm_authenticate
> Feb 28 16:44:43 nyx lightdm: pam_sss(lightdm:account): Access denied for
> user joe: 6 (Permission denied)
> Feb 28 16:44:54 nyx lightdm: pam_succeed_if(lightdm:auth): requirement
> "user ingroup nopasswdlogin" not met by user "joe"
>
> The relevant lines during the "sudo su - joe":
> Feb 28 16:48:32 nyx su[26394]: pam_sss(su:account): Access denied for user
> joe: 6 (Permission denied)
You need to enable SSSD debugging:
https://fedorahosted.org/sssd/wiki/Troubleshooting
and check the sssd logs, probably the HBAC access control is kicking you
out.
More information about the Freeipa-users
mailing list