<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 11/07/2013 12:59 PM, Dean Hunter wrote:
<blockquote cite="mid:1383847188.19912.44.camel@host.hunter.org"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="GENERATOR" content="GtkHTML/4.6.6">
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:<br>
<blockquote type="CITE"> On 11/07/2013 12:21 PM, Dean Hunter
wrote: <br>
<blockquote type="CITE"> On Thu, 2013-11-07 at 09:44 +0200,
Alexander Bokovoy wrote:
<blockquote type="CITE">
<pre>On Wed, 06 Nov 2013, Dean Hunter wrote:
<font color="#737373">>After building a new VM and configuring the IPA 3.3.2 client, Gnome</font>
<font color="#737373">>seems to only perform a local log-in until the system is rebooted. SSH</font>
<font color="#737373">>works with IPA, but not Gnome. Is this correct? Is there anything less</font>
<font color="#737373">>disruptive than a reboot that I can do?</font>
</pre>
</blockquote>
<br>
<blockquote type="CITE">
<pre>Restart gdm.service?
I'm not sure how gdm handles PAM auth.
</pre>
</blockquote>
<br>
I have tried:<br>
<blockquote> <tt>ipa-client-install ...</tt><br>
<tt>systemctl restart gdm.service</tt><br>
</blockquote>
but the behavior remains the same. The Gnome log in screen
accepts the user name, pauses about 25 seconds, then displays
the log in screen again without any messages or indication of
a problem. This is the same behavior I see when entering an
incorrect local user name before configuring IPA.<br>
<br>
<br>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a>
</pre>
</blockquote>
Can it be a DIR cache issue and the fact that the directory
can't is not created at proper time?<br>
</blockquote>
<br>
Which directory, please?<br>
</blockquote>
<br>
If you are hitting the DIR cache issue (which I am not sure is the
case this is why I asked about AVCs) then the directory we are
talking about is /var/run/usr/<uid> <br>
This directory should be created by kerberos library when it tries
to authenticate a user. But it might not be able to since a parent
directory /var/run/usr might not be created yet. This is one of the
reasons why we decided not to continue the path of DIR cache but
switched to using Kernel based ccache.<br>
<br>
<br>
<blockquote cite="mid:1383847188.19912.44.camel@host.hunter.org"
type="cite">
<br>
<blockquote type="CITE"> Do you see any AVCs?<br>
</blockquote>
</blockquote>
<br>
Question still stands.<br>
<br>
<br>
<blockquote cite="mid:1383847188.19912.44.camel@host.hunter.org"
type="cite">
<blockquote type="CITE"> <br>
<pre>--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a moz-do-not-send="true" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>