On 11/07/2013 12:59 PM, Dean Hunter wrote: > On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote: >> On 11/07/2013 12:21 PM, Dean Hunter wrote: >>> On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote: >>>> On Wed, 06 Nov 2013, Dean Hunter wrote: >>>> >>>> >After building a new VM and configuring the IPA 3.3.2 client, Gnome >>>> >seems to only perform a local log-in until the system is rebooted. SSH >>>> >works with IPA, but not Gnome. Is this correct? Is there anything less >>>> >disruptive than a reboot that I can do? >>> >>>> Restart gdm.service? >>>> I'm not sure how gdm handles PAM auth. >>> >>> I have tried: >>> >>> ipa-client-install ... >>> systemctl restart gdm.service >>> >>> but the behavior remains the same. The Gnome log in screen accepts >>> the user name, pauses about 25 seconds, then displays the log in >>> screen again without any messages or indication of a problem. This >>> is the same behavior I see when entering an incorrect local user >>> name before configuring IPA. >>> >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> [email protected] <mailto:[email protected]> >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> Can it be a DIR cache issue and the fact that the directory can't is >> not created at proper time? > > Which directory, please?
If you are hitting the DIR cache issue (which I am not sure is the case this is why I asked about AVCs) then the directory we are talking about is /var/run/usr/<uid> This directory should be created by kerberos library when it tries to authenticate a user. But it might not be able to since a parent directory /var/run/usr might not be created yet. This is one of the reasons why we decided not to continue the path of DIR cache but switched to using Kernel based ccache. > >> Do you see any AVCs? Question still stands. >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager for IdM portfolio >> Red Hat Inc. >> >> >> ------------------------------- >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] <mailto:[email protected]> >> https://www.redhat.com/mailman/listinfo/freeipa-users > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
