[Freeipa-users] Authenticate on GNOME display manager with freeipa

Thu May 11 11:54:28 UTC 2017

On Thu, May 11, 2017 at 01:29:33PM +0200, tuxderlinuxfuchs77 at gmail.com wrote:
> Hello,
> 
> I have attached the requested files.

The logs indicate that access was granted by SSSD and that gdm even
called pam_open_session.

Did gdm login worked with the 'allow all' rule? Are there any other
hints in the system or gdm logs with gdm might have failed?

bye,
Sumit

> 
> Thanks in advance!
> 
> On 10-May-17 9:42 PM, Sumit Bose wrote:
> > On Tue, May 09, 2017 at 11:12:13PM +0200, tuxderlinuxfuchs77 at gmail.com wrote:
> >> Hello everyone,
> >>
> >> I set up my freeIPA instance and it works very well for my client
> >> computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
> >> freeIPA managed user account.
> >>
> >> My own HBAC rule also works for that. I disabled the "allow all" rule
> >> and created my own one. Works fine for SSH.
> >>
> >> But I cannot login to the GNOME 3 Desktop on the client. I used the
> >> netinstall ISO image of Ubuntu. During installation, I have chose
> >> "Ubuntu GNOME Desktop" as the only desktop.
> >>
> >> So my display manager is gdm3.
> >>
> >> I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
> >> the safe side, I rebooted the client machine. But I still can't login to
> >> the GNOME Desktop with an account that can login via SSH.
> >>
> >> So the services in my rule are
> >>
> >> login, gdm, gdm-password
> >>
> >> If you need any logs or other information, I will provide them.
> > Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
> > the [pam] and [domain/...] section of sssd.conf.
> >
> > bye,
> > Sumit
> >
> >>
> >> Thanks in advance!
> >>
> >>
> >>
> >>
> >> -- 
> >> Manage your subscription for the Freeipa-users mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >> Go to http://freeipa.org for more info on the project
> 