
List:       centos
Subject:    Re: [CentOS] can't login as subsequent FreeIPA users
From:       Carson Chittom <carson () wistly ! net>
Date:       2019-11-21 14:20:31
Message-ID: pqidz2sgmhcnv4.fsf () granite ! internal ! wistly ! net

Carson Chittom <carson@wistly.net> writes:

> When I set up a machine with CentOS 8, I used the "Enterprise Login" in
> the initial setup wizard to authenticate against my FreeIPA server.
> This worked fine, and I have no issues logging in with that initial user.
>
> However, I am unable to use GDM or the console to log in as any *other*
> valid user from FreeIPA. From GDM I get something like "Sorry, that
> didn't work" and "Permission denied" on the console.  I've verified that
> the credentials are correct, and that I am able to manually get a ticket
> via kinit for one of those other users from this machine.  With
> CentOS 7, I didn't have to do any additional configuration in this
> regard after the initial wizard.

I discovered that /etc/sssd/sssd.conf contains the line:

simple_allow_users = $, initialuser

Adding other users to this line allows them to log in. This is a very
small deployment (8 users, 4 machines), so this addresses my immediate
need, but clearly isn't really the solution. I'll dig into it some more
when I have some leisure.

_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
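
The behaviour described in the message follows from SSSD's simple access provider: once an allow list is set, every user not on it is denied. The sketch below is an added example, not part of the original post or of SSSD itself; it evaluates the allow/deny rules documented in sssd-simple(5) against a constructed sssd.conf. The domain name, "seconduser", and the function names are assumptions; names are matched exactly and group membership is supplied by the caller.

```python
import configparser

# Constructed sample modelled on the line quoted in the message; the domain
# name is a placeholder.
SAMPLE_SSSD_CONF = """
[sssd]
domains = example.test

[domain/example.test]
id_provider = ipa
access_provider = simple
simple_allow_users = $, initialuser
"""

def _names(section, key):
    """Split a comma-separated sssd list option into a set of names."""
    return {n.strip() for n in section.get(key, "").split(",") if n.strip()}

def simple_access(conf_text, domain, user, groups=()):
    """Return (allowed, reason); allowed is None if 'simple' is not in use."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    if sec.get("access_provider", "").strip() != "simple":
        return None, "access_provider is not 'simple'; these lists are ignored"
    allow_u = _names(sec, "simple_allow_users")
    deny_u = _names(sec, "simple_deny_users")
    allow_g = _names(sec, "simple_allow_groups")
    deny_g = _names(sec, "simple_deny_groups")
    member = set(groups)
    # Evaluation order is allow, then deny: a deny match supersedes an allow.
    if user in deny_u or member & deny_g:
        return False, "matched a deny list"
    # Once any allow list is set, everyone not listed is denied.
    if allow_u or allow_g:
        if user in allow_u or member & allow_g:
            return True, "matched an allow list"
        return False, "an allow list is set and the user is not on it"
    return True, "no allow list configured"

if __name__ == "__main__":
    for u in ("initialuser", "seconduser"):  # "seconduser" is constructed
        print(u, simple_access(SAMPLE_SSSD_CONF, "example.test", u))
```

With the sample as written, "initialuser" is allowed and any other FreeIPA user is denied, which matches the "Permission denied" seen on the console.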