[Freeipa-users] ipa-client-install: please look for SELINUX=disabled

Discussion:

[Freeipa-users] ipa-client-install: please look for SELINUX=disabled

Harald Dunkel

2017-05-13 04:52:56 UTC

Hi folks,

RHEL 7.3, sssd 1.14.0:

If /etc/selinux/config says "SELINUX=disabled", then pam seems to fail
(without telling why) and users cannot login. *Extremely* painful.

Do you think ipa-client-install could add

selinux_provider = none

to the generated sssd.conf file, if selinux is disabled?

Another option might be to check at runtime.

Thanx in advance
Harri

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Lukas Slebodnik

2017-05-15 11:32:15 UTC

Post by Harald Dunkel
Hi folks,
If /etc/selinux/config says "SELINUX=disabled", then pam seems to fail
(without telling why) and users cannot login. *Extremely* painful.
Do you think ipa-client-install could add
selinux_provider = none

This is just a temporary workaround and not a solution.
And it is already fixed in upstream
https://pagure.io/SSSD/sssd/issue/3297

LS

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

1 Reply
39 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Harald Dunkel 2017-05-13 04:52:56 UTC

Lukas Slebodnik 2017-05-15 11:32:15 UTC

about - legalese

Loading...