Hi,
I'm having a particularly weird problem. We have moved from AD (Windows 2008 R2)
to an IPA server (CentOS 6.5), and I integrated IPA with AD.
The Linux machines are joined to IPA and the Windows machines are joined to AD.
AD users can log in in CLI mode on the Linux system (CentOS 6.5),
but they cannot log in in GUI mode.
Error messages in the file /var/log/security:
----------------------------------------------------------------------------------
pam: gdm-password[2685]: pam_unix(gdm-password:auth): authentication failure: logname= uid=0 euid=0 tty=:0 ruser= rhost= rhost= user=sallea@AD
pam: gdm-password[2685]: pam_sss(gdm-password:auth): user info message: your password will expire in 40 day
pam: gdm-password[2685]:pam_sss(gdm-password:auth): authenticate success: logname= uid=0 euid=0 tty=:0 ruser= rhost= rhost= user=sallea@AD
pam: gdm-password[2685]:pam_unix (gdm-password:session): session opened for user sallea@AD by (uid=0)
polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session4 (system bus name :1.116 , object path /org/gnome/PolcyKit1/AuthenticationAgent, - Ignored: local en_US) (disconnected from bus)
pam: gdm-password[2685]: pam_unix (gdm-password:session): session closed for user sallea@AD
------------------------------------------------------
And the content of the file /etc/pam.d/password-auth:
-----------------------------------
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session require pam_sss.so
--------------------------------------
How can I solve this problem?
Thanks