[Freeipa-users] Authenticate on GNOME display manager with freeipa

Discussion:

[Freeipa-users] Authenticate on GNOME display manager with freeipa

t***@gmail.com

2017-05-09 21:12:13 UTC

Hello everyone,

I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.

My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.

But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.

So my display manager is gdm3.

I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.

So the services in my rule are

login, gdm, gdm-password

If you need any logs or other information, I will provide them.

Thanks in advance!

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Jason B. Nance

2017-05-09 22:11:30 UTC

Post by t***@gmail.com
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.

It sounds as if GDM has its own PAM module that isn't configured to use SSSD. Check out /etc/pam.d/gdm or similar and see if it includes the "common-*" modules (and verify that they include the SSSD libraries in their stacks). You can compare it to the SSH module.

Regards,

j

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Jason B. Nance

2017-05-10 15:40:58 UTC

Make sure you are using "reply-all" as your replies are falling off the mailing list and coming to me only.

They do have some of these lines.

Assuming your common-* modules are setup correctly (which you can verify by looking at your ssh module and seeing if it uses common-* or if the sssd libraries are in there directly) at this point we'll need to go to logs. Tail your logs while attempting to do a GDM login and compare them to a tail when doing an SSH login.

j

#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore
default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore
default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1
envfile=/etc/default/locale
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
auth required pam_permit.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore
default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore
default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1
envfile=/etc/default/locale
@include common-session
@include common-password
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_permit.so
@include common-account
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1
envfile=/etc/default/locale
@include common-session
@include common-password
Thanks already!

/etc/pam.d/gdm-autologin
/etc/pam.d/gdm-launch-environment
/etc/pam.d/gdm-password
The common-session file has a line "session optional pam_sss.so"
I don't really know what to compare to the SSH module (which I guess is
the /etc/pam.d/sshd file)

Do they only have session lines and no auth, account, or password?

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Jason B. Nance

2017-05-10 02:32:59 UTC

Post by t***@gmail.com
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.

Err, actually, I missed something here. You say you're running Ubuntu Desktop 16.04.2 LTS with Gnome 3 and GDM. However, that version/bundle ships with Unity and LightDM. I'm not saying it won't work but just trying to get clarity on your setup and letting you know you may be deviating from the "easy" path.

Regards,

j

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-10 19:42:16 UTC

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.

bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

t***@gmail.com

2017-05-11 11:29:33 UTC

Hello,

I have attached the requested files.

Thanks in advance!

Post by Sumit Bose

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-11 11:54:28 UTC

Post by t***@gmail.com
Hello,
I have attached the requested files.

The logs indicate that access was granted by SSSD and that gdm even
called pam_open_session.

Did gdm login worked with the 'allow all' rule? Are there any other
hints in the system or gdm logs with gdm might have failed?

bye,
Sumit

Post by t***@gmail.com
Thanks in advance!

Post by Sumit Bose

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

t***@gmail.com

2017-05-11 22:50:08 UTC

I have attached the syslog with gdm debug mode enabled

Post by Sumit Bose

Post by t***@gmail.com
Hello,
I have attached the requested files.

The logs indicate that access was granted by SSSD and that gdm even
called pam_open_session.
Did gdm login worked with the 'allow all' rule? Are there any other
hints in the system or gdm logs with gdm might have failed?
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!

Post by Sumit Bose

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-12 06:29:11 UTC

Post by t***@gmail.com
I have attached the syslog with gdm debug mode enabled

Post by Sumit Bose

Post by t***@gmail.com
Hello,
I have attached the requested files.

The logs indicate that access was granted by SSSD and that gdm even
called pam_open_session.
Did gdm login worked with the 'allow all' rule? Are there any other
hints in the system or gdm logs with gdm might have failed?
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!

Post by Sumit Bose

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

....

Post by t***@gmail.com
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) This device may have been added with another device file.
May 11 23:41:55 ubugdm gdm-x-session: Running session message bus
May 11 23:41:55 ubugdm gdm3: GdmManager: trying to register new display
May 11 23:41:55 ubugdm gdm3: GdmSession: Setting display device: /dev/tty2
May 11 23:41:55 ubugdm gdm3: using ut_user vmuser1
May 11 23:41:55 ubugdm gdm3: Writing login record
May 11 23:41:55 ubugdm gdm3: using ut_type USER_PROCESS
May 11 23:41:55 ubugdm gdm3: using ut_tv time 1494538915
May 11 23:41:55 ubugdm gdm3: using ut_pid 1741
May 11 23:41:55 ubugdm gdm3: using ut_host :1
May 11 23:41:55 ubugdm gdm3: using ut_line tty2
May 11 23:41:55 ubugdm gdm3: Writing wtmp session record to /var/log/wtmp
May 11 23:41:55 ubugdm gdm3: Adding or updating utmp record for login
May 11 23:41:55 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 2
May 11 23:41:55 ubugdm gdm-x-session: Running X session
May 11 23:41:55 ubugdm gdm-x-session: Trying script /etc/gdm3/Prime/:1
May 11 23:41:55 ubugdm gdm-x-session: script /etc/gdm3/Prime/:1 not found; skipping
May 11 23:41:55 ubugdm gdm-x-session: Trying script /etc/gdm3/Prime/Default
May 11 23:41:55 ubugdm gdm-x-session: Running process: /etc/gdm3/Prime/Default
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: DISPLAY=:1
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: SHELL=/bin/sh
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: XAUTHORITY=/run/user/126400004/gdm/Xauthority
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: RUNNING_UNDER_GDM=true
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: HOME=/
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: PWD=/
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
May 11 23:41:55 ubugdm gdm-x-session: Process exit status: 0
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: /etc/gdm3/Xsession: Beginning session setup...
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: /etc/gdm3/Xsession: line 41: /dev/stderr: No such device or address
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: localuser:vmuser1 being added to access control list
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: localuser:vmuser1 being added to access control list
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Desktop
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Downloads
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Templates
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Public
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Documents
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Music
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Pictures
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Videos

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Post by t***@gmail.com
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: openConnection: connect: No such file or directory
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: cannot connect to brltty at :0
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: systemd --user not found, ignoring --systemd argument
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting CLUTTER_IM_MODULE=xim
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting SHELL=/bin/sh
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_LINUX_ACCESSIBILITY_ALWAYS_ON=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GTK_MODULES=gail:atk-bridge
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting USER=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_ACCESSIBILITY=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DEFAULTS_PATH=/usr/share/gconf/gnome.default.path
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting USERNAME=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_CONFIG_DIRS=/etc/xdg/xdg-gnome:/etc/xdg
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DESKTOP_SESSION=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_IM_MODULE=ibus
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting PWD=/
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_SESSION_TYPE=x11
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting LANG=en_US.UTF-8
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting MANDATORY_PATH=/usr/share/gconf/gnome.mandatory.path
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting IM_CONFIG_PHASE=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GDMSESSION=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting KRB5CCNAME=KEYRING:persistent:126400004
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting SHLVL=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting HOME=/home/vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_SESSION_DESKTOP=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting LOGNAME=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT4_IM_MODULE=xim
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_DATA_DIRS=/usr/share/gnome:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-sIl0NbD3YZ,guid=ce7f419f97490ed005e5a7275914daa3
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting WINDOWPATH=2
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DISPLAY=:1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_RUNTIME_DIR=/run/user/126400004
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GTK_IM_MODULE=ibus
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_CURRENT_DESKTOP=GNOME
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XAUTHORITY=/run/user/126400004/gdm/Xauthority
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting _=/usr/bin/dbus-update-activation-environment
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Activating service name='org.a11y.Bus'
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: updating user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Successfully activated service 'org.a11y.Bus'
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: ** (process:1839): WARNING **: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: Activating service name='org.a11y.atspi.Registry'
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Activating service name='org.gtk.vfs.Daemon'
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: Successfully activated service 'org.a11y.atspi.Registry'
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Successfully activated service 'org.gtk.vfs.Daemon'
May 11 23:41:56 ubugdm gnome-session[1751]: gnome-session-is-accelerated: llvmpipe detected.
May 11 23:41:56 ubugdm gnome-session[1751]: gnome-session-binary[1751]: WARNING: IceLockAuthFile failed: No such file or directory
May 11 23:41:56 ubugdm gnome-session-binary[1751]: WARNING: IceLockAuthFile failed: No such file or directory

^^^^^^^^^^^^^^^^^^^^^^^^^

Does the user have a home directory and permissions to write into it?
Maybe you have to add pam_oddjob_mkhomedir.so or similar to your PAM
configuration to create it automatically?

HTH

bye,
Sumit

Post by t***@gmail.com
May 11 23:41:56 ubugdm gdm-x-session: session exited with status 1
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":1"
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: after 21 requests (21 known processed) with 0 events remaining.
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: TPPS/2 IBM TrackPoint: Close
May 11 23:41:56 ubugdm org.gtk.vfs.Daemon[1748]: A connection to the bus can't be made
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:67
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: AT Translated Set 2 keyboard: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:65
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: AT Translated Set 2 keyboard: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:68
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: Power Button: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:64
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: Microsoft Vmbus HID-compliant Mouse: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:66
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) Server terminated successfully (0). Closing log file.
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: child (pid:1741) done (status:1)
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: uninitializing PAM
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: jumping to VT 7
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: couldn't finalize jump to VT 7: Interrupted system call
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: state NONE
May 11 23:41:56 ubugdm gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:41:56 ubugdm gdm3: GdmSession: Emitting 'session-exited' signal with exit code '1'
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:68
May 11 23:41:56 ubugdm gdm3: GdmManager: session exited with status 1
May 11 23:41:57 ubugdm gdm3: Writing logout record
May 11 23:41:57 ubugdm gdm3: using ut_type DEAD_PROCESS
May 11 23:41:57 ubugdm gdm3: using ut_tv time 1494538917
May 11 23:41:57 ubugdm gdm3: using ut_pid 1741
May 11 23:41:57 ubugdm gdm3: using ut_host :1
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-settings-daemon:1225): color-plugin-WARNING **: unable to get EDID for xrandr-default: unable to get EDID for output
May 11 23:41:57 ubugdm gdm3: using ut_line tty2
May 11 23:41:57 ubugdm gdm3: Writing wtmp logout record to /var/log/wtmp
May 11 23:41:57 ubugdm gdm-password]: Trying script /etc/gdm3/PostSession
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (WW) FBDEV(0): FBIOPAN_DISPLAY: Invalid argument
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:67
May 11 23:41:57 ubugdm gdm-password]: script /etc/gdm3/PostSession not found; skipping
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:66
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:65
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:64
May 11 23:41:57 ubugdm gdm-password]: Trying script /etc/gdm3/PostSession/Default
May 11 23:41:57 ubugdm gdm-password]: Running process: /etc/gdm3/PostSession/Default
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: DISPLAY=
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: HOME=/home/vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: RUNNING_UNDER_GDM=true
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: LOGNAME=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: XAUTHORITY=
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: USERNAME=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: PWD=/home/vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: USER=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: SHELL=/bin/sh
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
May 11 23:41:57 ubugdm gdm3: Adding or updating utmp record for logout
May 11 23:41:57 ubugdm gdm3: GdmDisplay: unmanage display
May 11 23:41:57 ubugdm gdm3: GdmDisplay: display lasted 1.615491 seconds
May 11 23:41:57 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 4
May 11 23:41:57 ubugdm gdm3: GdmDisplayStore: Unreffing display: 0x9eb8868
May 11 23:41:57 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 3
May 11 23:41:57 ubugdm gdm3: GdmDisplay: finish display
May 11 23:41:57 ubugdm gdm3: GdmSession: Closing session
May 11 23:41:57 ubugdm gdm3: GdmSession: Stopping all conversations
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: Stopping job pid:1731
May 11 23:41:57 ubugdm gdm3: GdmCommon: sending signal 15 to process 1731
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: Waiting on process 1731
May 11 23:41:57 ubugdm gdm-password]: Process exit status: 0
May 11 23:41:57 ubugdm gdm-password]: Worker finished
May 11 23:41:57 ubugdm gdm3: GdmCommon: process (pid:1731) done (status:0)
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: SessionWorkerJob died
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm gdm3: GdmManager: trying to open new session
May 11 23:41:57 ubugdm gdm3: GdmDBusServer: new connection 0x9e9bad8
May 11 23:41:57 ubugdm gdm3: GdmSession: Handling new connection from outside
May 11 23:41:57 ubugdm gdm3: GdmManager: client connected
May 11 23:41:57 ubugdm gdm3: GdmDisplay: Got timed login details for display: 0
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:59 ubugdm systemd[1]: Time has been changed
May 11 23:41:59 ubugdm systemd[1]: snapd.refresh.timer: Adding 5h 14min 24.101040s random time.
May 11 23:41:59 ubugdm systemd[1]: snapd.refresh.timer: Adding 1h 49min 37.111737s random time.
May 11 23:41:59 ubugdm systemd[1]: apt-daily.timer: Adding 41min 17.722076s random time.
May 11 23:41:59 ubugdm systemd[1387]: Time has been changed
May 11 23:41:59 ubugdm systemd[1189]: Time has been changed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:42:00 ubugdm gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:68
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:67
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:66
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:65
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:64
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:04 ubugdm systemd[1189]: Time has been changed
May 11 23:42:04 ubugdm systemd[1387]: Time has been changed
May 11 23:42:04 ubugdm systemd[1]: Time has been changed
May 11 23:42:04 ubugdm systemd[1]: snapd.refresh.timer: Adding 1h 1min 38.593189s random time.
May 11 23:42:04 ubugdm systemd[1]: snapd.refresh.timer: Adding 5h 41min 21.874821s random time.
May 11 23:42:04 ubugdm systemd[1]: apt-daily.timer: Adding 5h 39min 55.997378s random time.
May 11 23:42:09 ubugdm systemd[1]: Time has been changed
May 11 23:42:09 ubugdm systemd[1]: snapd.refresh.timer: Adding 2h 33min 11.994432s random time.
May 11 23:42:09 ubugdm systemd[1]: snapd.refresh.timer: Adding 4h 23min 50.841896s random time.
May 11 23:42:09 ubugdm systemd[1]: apt-daily.timer: Adding 3h 23min 33.465902s random time.
May 11 23:42:09 ubugdm systemd[1387]: Time has been changed
May 11 23:42:09 ubugdm systemd[1189]: Time has been changed
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

t***@gmail.com

2017-05-12 09:25:04 UTC

Thanks!

I followed this manual:
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir

added the line

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

to the file /etc/pam.d/common-session (find attached)

Post by Sumit Bose

Post by t***@gmail.com
I have attached the syslog with gdm debug mode enabled

Post by Sumit Bose

Post by t***@gmail.com
Hello,
I have attached the requested files.

The logs indicate that access was granted by SSSD and that gdm even
called pam_open_session.
Did gdm login worked with the 'allow all' rule? Are there any other
hints in the system or gdm logs with gdm might have failed?
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!

Post by Sumit Bose

Post by t***@gmail.com
Hello everyone,
I set up my freeIPA instance and it works very well for my client
computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a
freeIPA managed user account.
My own HBAC rule also works for that. I disabled the "allow all" rule
and created my own one. Works fine for SSH.
But I cannot login to the GNOME 3 Desktop on the client. I used the
netinstall ISO image of Ubuntu. During installation, I have chose
"Ubuntu GNOME Desktop" as the only desktop.
So my display manager is gdm3.
I added the "gdm" and "gdm-password" services to my HBAC rule. To be on
the safe side, I rebooted the client machine. But I still can't login to
the GNOME Desktop with an account that can login via SSH.
So the services in my rule are
login, gdm, gdm-password
If you need any logs or other information, I will provide them.

Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in
the [pam] and [domain/...] section of sssd.conf.
bye,
Sumit

Post by t***@gmail.com
Thanks in advance!
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

....

Post by t***@gmail.com
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) This device may have been added with another device file.
May 11 23:41:55 ubugdm gdm-x-session: Running session message bus
May 11 23:41:55 ubugdm gdm3: GdmManager: trying to register new display
May 11 23:41:55 ubugdm gdm3: GdmSession: Setting display device: /dev/tty2
May 11 23:41:55 ubugdm gdm3: using ut_user vmuser1
May 11 23:41:55 ubugdm gdm3: Writing login record
May 11 23:41:55 ubugdm gdm3: using ut_type USER_PROCESS
May 11 23:41:55 ubugdm gdm3: using ut_tv time 1494538915
May 11 23:41:55 ubugdm gdm3: using ut_pid 1741
May 11 23:41:55 ubugdm gdm3: using ut_host :1
May 11 23:41:55 ubugdm gdm3: using ut_line tty2
May 11 23:41:55 ubugdm gdm3: Writing wtmp session record to /var/log/wtmp
May 11 23:41:55 ubugdm gdm3: Adding or updating utmp record for login
May 11 23:41:55 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 2
May 11 23:41:55 ubugdm gdm-x-session: Running X session
May 11 23:41:55 ubugdm gdm-x-session: Trying script /etc/gdm3/Prime/:1
May 11 23:41:55 ubugdm gdm-x-session: script /etc/gdm3/Prime/:1 not found; skipping
May 11 23:41:55 ubugdm gdm-x-session: Trying script /etc/gdm3/Prime/Default
May 11 23:41:55 ubugdm gdm-x-session: Running process: /etc/gdm3/Prime/Default
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: DISPLAY=:1
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: SHELL=/bin/sh
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: XAUTHORITY=/run/user/126400004/gdm/Xauthority
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: RUNNING_UNDER_GDM=true
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: HOME=/
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: PWD=/
May 11 23:41:55 ubugdm gdm-x-session: GdmSlave: script environment: PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
May 11 23:41:55 ubugdm gdm-x-session: Process exit status: 0
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: /etc/gdm3/Xsession: Beginning session setup...
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: /etc/gdm3/Xsession: line 41: /dev/stderr: No such device or address
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: localuser:vmuser1 being added to access control list
May 11 23:41:55 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: localuser:vmuser1 being added to access control list
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Desktop
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Downloads
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Templates
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Public
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Documents
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Music
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Pictures
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Can't create dir /home/vmuser1/Videos

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Post by t***@gmail.com
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: openConnection: connect: No such file or directory
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: cannot connect to brltty at :0
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: systemd --user not found, ignoring --systemd argument
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting CLUTTER_IM_MODULE=xim
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting SHELL=/bin/sh
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_LINUX_ACCESSIBILITY_ALWAYS_ON=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GTK_MODULES=gail:atk-bridge
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting USER=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_ACCESSIBILITY=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DEFAULTS_PATH=/usr/share/gconf/gnome.default.path
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting USERNAME=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_CONFIG_DIRS=/etc/xdg/xdg-gnome:/etc/xdg
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DESKTOP_SESSION=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT_IM_MODULE=ibus
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting PWD=/
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_SESSION_TYPE=x11
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting LANG=en_US.UTF-8
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting MANDATORY_PATH=/usr/share/gconf/gnome.mandatory.path
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting IM_CONFIG_PHASE=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GDMSESSION=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting KRB5CCNAME=KEYRING:persistent:126400004
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting SHLVL=1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting HOME=/home/vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_SESSION_DESKTOP=gnome
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting LOGNAME=vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting QT4_IM_MODULE=xim
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_DATA_DIRS=/usr/share/gnome:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-sIl0NbD3YZ,guid=ce7f419f97490ed005e5a7275914daa3
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting WINDOWPATH=2
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting DISPLAY=:1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_RUNTIME_DIR=/run/user/126400004
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting GTK_IM_MODULE=ibus
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XDG_CURRENT_DESKTOP=GNOME
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting XAUTHORITY=/run/user/126400004/gdm/Xauthority
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: dbus-update-activation-environment: setting _=/usr/bin/dbus-update-activation-environment
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Activating service name='org.a11y.Bus'
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: updating user user
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:56 ubugdm gdm-password]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Successfully activated service 'org.a11y.Bus'
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: ** (process:1839): WARNING **: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: Activating service name='org.a11y.atspi.Registry'
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Activating service name='org.gtk.vfs.Daemon'
May 11 23:41:56 ubugdm org.a11y.Bus[1748]: Successfully activated service 'org.a11y.atspi.Registry'
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: Successfully activated service 'org.gtk.vfs.Daemon'
May 11 23:41:56 ubugdm gnome-session[1751]: gnome-session-is-accelerated: llvmpipe detected.
May 11 23:41:56 ubugdm gnome-session[1751]: gnome-session-binary[1751]: WARNING: IceLockAuthFile failed: No such file or directory
May 11 23:41:56 ubugdm gnome-session-binary[1751]: WARNING: IceLockAuthFile failed: No such file or directory

^^^^^^^^^^^^^^^^^^^^^^^^^
Does the user have a home directory and permissions to write into it?
Maybe you have to add pam_oddjob_mkhomedir.so or similar to your PAM
configuration to create it automatically?
HTH
bye,
Sumit

Post by t***@gmail.com
May 11 23:41:56 ubugdm gdm-x-session: session exited with status 1
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":1"
May 11 23:41:56 ubugdm org.a11y.atspi.Registry[1845]: after 21 requests (21 known processed) with 0 events remaining.
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: TPPS/2 IBM TrackPoint: Close
May 11 23:41:56 ubugdm org.gtk.vfs.Daemon[1748]: A connection to the bus can't be made
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:67
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: AT Translated Set 2 keyboard: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:65
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: AT Translated Set 2 keyboard: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:68
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: Power Button: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:64
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) evdev: Microsoft Vmbus HID-compliant Mouse: Close
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) UnloadModule: "evdev"
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) systemd-logind: releasing fd for 13:66
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1741]: (II) Server terminated successfully (0). Closing log file.
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: child (pid:1741) done (status:1)
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: uninitializing PAM
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: jumping to VT 7
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: couldn't finalize jump to VT 7: Interrupted system call
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:41:56 ubugdm gdm-password]: GdmSessionWorker: state NONE
May 11 23:41:56 ubugdm gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:41:56 ubugdm gdm3: GdmSession: Emitting 'session-exited' signal with exit code '1'
May 11 23:41:56 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:68
May 11 23:41:56 ubugdm gdm3: GdmManager: session exited with status 1
May 11 23:41:57 ubugdm gdm3: Writing logout record
May 11 23:41:57 ubugdm gdm3: using ut_type DEAD_PROCESS
May 11 23:41:57 ubugdm gdm3: using ut_tv time 1494538917
May 11 23:41:57 ubugdm gdm3: using ut_pid 1741
May 11 23:41:57 ubugdm gdm3: using ut_host :1
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-settings-daemon:1225): color-plugin-WARNING **: unable to get EDID for xrandr-default: unable to get EDID for output
May 11 23:41:57 ubugdm gdm3: using ut_line tty2
May 11 23:41:57 ubugdm gdm3: Writing wtmp logout record to /var/log/wtmp
May 11 23:41:57 ubugdm gdm-password]: Trying script /etc/gdm3/PostSession
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (WW) FBDEV(0): FBIOPAN_DISPLAY: Invalid argument
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:67
May 11 23:41:57 ubugdm gdm-password]: script /etc/gdm3/PostSession not found; skipping
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:66
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:65
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got resume for 13:64
May 11 23:41:57 ubugdm gdm-password]: Trying script /etc/gdm3/PostSession/Default
May 11 23:41:57 ubugdm gdm-password]: Running process: /etc/gdm3/PostSession/Default
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: DISPLAY=
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: HOME=/home/vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: RUNNING_UNDER_GDM=true
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: LOGNAME=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: XAUTHORITY=
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: USERNAME=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: PWD=/home/vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: USER=vmuser1
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: SHELL=/bin/sh
May 11 23:41:57 ubugdm gdm-password]: GdmSlave: script environment: PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
May 11 23:41:57 ubugdm gdm3: Adding or updating utmp record for logout
May 11 23:41:57 ubugdm gdm3: GdmDisplay: unmanage display
May 11 23:41:57 ubugdm gdm3: GdmDisplay: display lasted 1.615491 seconds
May 11 23:41:57 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 4
May 11 23:41:57 ubugdm gdm3: GdmDisplayStore: Unreffing display: 0x9eb8868
May 11 23:41:57 ubugdm gdm3: GdmLocalDisplayFactory: display status changed: 3
May 11 23:41:57 ubugdm gdm3: GdmDisplay: finish display
May 11 23:41:57 ubugdm gdm3: GdmSession: Closing session
May 11 23:41:57 ubugdm gdm3: GdmSession: Stopping all conversations
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: Stopping job pid:1731
May 11 23:41:57 ubugdm gdm3: GdmCommon: sending signal 15 to process 1731
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: Waiting on process 1731
May 11 23:41:57 ubugdm gdm-password]: Process exit status: 0
May 11 23:41:57 ubugdm gdm-password]: Worker finished
May 11 23:41:57 ubugdm gdm3: GdmCommon: process (pid:1731) done (status:0)
May 11 23:41:57 ubugdm gdm3: GdmSessionWorkerJob: SessionWorkerJob died
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Warning: Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: > Ignoring extra symbols
May 11 23:41:57 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: Errors from xkbcomp are not fatal to the X server
May 11 23:41:57 ubugdm gdm3: GdmManager: trying to open new session
May 11 23:41:57 ubugdm gdm3: GdmDBusServer: new connection 0x9e9bad8
May 11 23:41:57 ubugdm gdm3: GdmSession: Handling new connection from outside
May 11 23:41:57 ubugdm gdm3: GdmManager: client connected
May 11 23:41:57 ubugdm gdm3: GdmDisplay: Got timed login details for display: 0
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user user
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sending user-changed signal for user vmuser1
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: sent user-changed signal for user vmuser1
May 11 23:41:57 ubugdm gdm-launch-environment]: AccountsService: ActUserManager: updating user vmuser1
May 11 23:41:59 ubugdm systemd[1]: Time has been changed
May 11 23:41:59 ubugdm systemd[1]: snapd.refresh.timer: Adding 5h 14min 24.101040s random time.
May 11 23:41:59 ubugdm systemd[1]: snapd.refresh.timer: Adding 1h 49min 37.111737s random time.
May 11 23:41:59 ubugdm systemd[1]: apt-daily.timer: Adding 41min 17.722076s random time.
May 11 23:41:59 ubugdm systemd[1387]: Time has been changed
May 11 23:41:59 ubugdm systemd[1189]: Time has been changed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:42:00 ubugdm gnome-session-binary[1204]: DEBUG(+): emitting SessionIsActive
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:68
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:67
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:66
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:65
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (II) systemd-logind: got pause for 13:64
May 11 23:42:00 ubugdm /usr/lib/gdm3/gdm-x-session[1194]: (gnome-shell:1243): Clutter-CRITICAL **: clutter_input_device_get_device_id: assertion 'CLUTTER_IS_INPUT_DEVICE (device)' failed
May 11 23:42:04 ubugdm systemd[1189]: Time has been changed
May 11 23:42:04 ubugdm systemd[1387]: Time has been changed
May 11 23:42:04 ubugdm systemd[1]: Time has been changed
May 11 23:42:04 ubugdm systemd[1]: snapd.refresh.timer: Adding 1h 1min 38.593189s random time.
May 11 23:42:04 ubugdm systemd[1]: snapd.refresh.timer: Adding 5h 41min 21.874821s random time.
May 11 23:42:04 ubugdm systemd[1]: apt-daily.timer: Adding 5h 39min 55.997378s random time.
May 11 23:42:09 ubugdm systemd[1]: Time has been changed
May 11 23:42:09 ubugdm systemd[1]: snapd.refresh.timer: Adding 2h 33min 11.994432s random time.
May 11 23:42:09 ubugdm systemd[1]: snapd.refresh.timer: Adding 4h 23min 50.841896s random time.
May 11 23:42:09 ubugdm systemd[1]: apt-daily.timer: Adding 3h 23min 33.465902s random time.
May 11 23:42:09 ubugdm systemd[1387]: Time has been changed
May 11 23:42:09 ubugdm systemd[1189]: Time has been changed
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-12 09:48:50 UTC

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Have you checked if /home/vmuser1 exists and has the right permissions
so that the user can create files in the directory?

bye,
Sumit

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

t***@gmail.com

2017-05-12 10:11:28 UTC

The directory didn't exist

Post by Sumit Bose

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Have you checked if /home/vmuser1 exists and has the right permissions
so that the user can create files in the directory?
bye,
Sumit

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-12 10:52:02 UTC

Post by t***@gmail.com
The directory didn't exist

Then I guess that the process doesn't has the needed permissions during
the session phase anymore. Please try to replace pam_mkhomedir by
pam_oddjob_mkhomedir. This will try to create the directory via oddjobd
which runs with higher privileges.

HTH

bye,
Sumit

Post by t***@gmail.com

Post by Sumit Bose

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Have you checked if /home/vmuser1 exists and has the right permissions
so that the user can create files in the directory?
bye,
Sumit

--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

t***@gmail.com

2017-05-12 13:00:42 UTC

It worked with pam_mkhomedir. So I don't see anything left to do at the
moment

Post by Sumit Bose

Post by t***@gmail.com
The directory didn't exist

Then I guess that the process doesn't has the needed permissions during
the session phase anymore. Please try to replace pam_mkhomedir by
pam_oddjob_mkhomedir. This will try to create the directory via oddjobd
which runs with higher privileges.
HTH
bye,
Sumit

Post by t***@gmail.com

Post by Sumit Bose

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Have you checked if /home/vmuser1 exists and has the right permissions
so that the user can create files in the directory?
bye,
Sumit

--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Sumit Bose

2017-05-12 13:26:56 UTC

Post by t***@gmail.com
It worked with pam_mkhomedir. So I don't see anything left to do at the
moment

ah, I thought ...

Post by t***@gmail.com

Post by Sumit Bose

Post by t***@gmail.com
The directory didn't exist

... meant that pam_mkhomedir didn't create the directory properly. Glad
it works for you now.

bye,
Sumit

Post by t***@gmail.com

Post by Sumit Bose
Then I guess that the process doesn't has the needed permissions during
the session phase anymore. Please try to replace pam_mkhomedir by
pam_oddjob_mkhomedir. This will try to create the directory via oddjobd
which runs with higher privileges.
HTH
bye,
Sumit

Post by t***@gmail.com

Post by Sumit Bose

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Have you checked if /home/vmuser1 exists and has the right permissions
so that the user can create files in the directory?
bye,
Sumit

--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Timo Aaltonen

2017-05-15 07:47:36 UTC

Post by t***@gmail.com
Thanks!
https://help.ubuntu.com/lts/serverguide/sssd-ad.html#sssd-ad-mkhomedir
added the line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
to the file /etc/pam.d/common-session (find attached)

Don't add it manually, it'll get removed next time pam-auth-update is
run. Instead run pam-auth-update yourself and enable "create home
directory on login".

--
t
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

15 Replies
1108 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

t***@gmail.com 2017-05-09 21:12:13 UTC

Jason B. Nance 2017-05-09 22:11:30 UTC

Jason B. Nance 2017-05-10 15:40:58 UTC

Jason B. Nance 2017-05-10 02:32:59 UTC

Sumit Bose 2017-05-10 19:42:16 UTC

t***@gmail.com 2017-05-11 11:29:33 UTC

Sumit Bose 2017-05-11 11:54:28 UTC

t***@gmail.com 2017-05-11 22:50:08 UTC

Sumit Bose 2017-05-12 06:29:11 UTC

t***@gmail.com 2017-05-12 09:25:04 UTC

Sumit Bose 2017-05-12 09:48:50 UTC

t***@gmail.com 2017-05-12 10:11:28 UTC

Sumit Bose 2017-05-12 10:52:02 UTC

t***@gmail.com 2017-05-12 13:00:42 UTC

Sumit Bose 2017-05-12 13:26:56 UTC

Timo Aaltonen 2017-05-15 07:47:36 UTC

about - legalese

Loading...