Hi Sumit
 
Thanks, that was it! The freeipa user(s) did not have home directories.
 
I have now manually created the directory /home/lamb, changed the ownership to lamb with chown, and now I can log in with the freeipa-user.
 
Did I miss an obvious error message in the logs?
 
Cheers
 
----- Original message -----
From: "Sumit Bose via FreeIPA-users" <freeipa-users@lists.fedorahosted.org>
To: freeipa-users@lists.fedorahosted.org
Cc: "Sumit Bose" <sbose@redhat.com>
Subject: [EXTERNAL] [Freeipa-users] Re: Cannot log in to Federoa Desktop GUI with FreeIPA user.
Date: Tue, Aug 10, 2021 12:05 PM
 
On Tue, Aug 10, 2021 at 08:47:55AM +0000, Christopher Lamb via FreeIPA-users wrote:
> Hi
>  
> I am attempting to set up a Single Sign On (SSO) development environment in a
> Fedora 34 Virtual Machine on my laptop.
>  
> I have successfully installed and configured freeipa-server, and can create
> freeipa users both on the CLI, and via the Web UI. —> OK.
>  
> I can both “kinit” and “su” to the freeipa users —> OK. This implies that
> the users can be successfully authenticated, password is correct etc.
>  
> However I cannot log in to the Fedora Desktop (Gnome) of the VM running
> freeipa-server with the freeipa users. —> NOT OK.
>  
> I do get the “last log in” + date message displayed, then it returns to the
> login dialog without displaying any error message.
>  
> The “last log in” message suggests that authentication was successful, but
> something after that has a worm in it.

Hi,

are you using pam_oddjob_mkhomedir.so or have you checked if there is a
home directory for the user?

HTH

bye,
Sumit

>  
> My setup is:
> VM Fedora Linux 34, freeipa-server 4.9.6, sssd 2.5.2
> VM Host: macOS Big Sur 11.4 Parallels Desktop Pro Version 16.5.1 (49187)
>  
>  
> I found this issue https://bugzilla.redhat.com/show_bug.cgi?id=1837749 where
> the user also cannot login, but for Active Directory users. My users are plain
> vanilla freeipa.
>  
> I have attached an extract from the sssd_acme.org.log at the time of login
> attempt (09:40:10) The user is "lamb".
>  
> Any ideas?
>  
> Chris
>
>


> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ 
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org 
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure 
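
The two checks behind Sumit's question (is a mkhomedir module active in the PAM session stack, and does the user's home directory exist with the right owner), as an added example that is not part of the original thread. The function names and the two PAM file paths are assumptions; the paths are the files Fedora normally manages through authselect.

```shell
#!/bin/sh
# Added example (not from the thread): the two checks Sumit's question implies.

# Succeeds if any readable PAM file given has an active (uncommented) session
# line that loads pam_oddjob_mkhomedir.so or pam_mkhomedir.so.
pam_has_mkhomedir() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_(oddjob_)?mkhomedir\.so' "$f"; then
            return 0
        fi
    done
    return 1
}

# Takes one passwd(5)-format entry and prints "ok", "missing" or "wrong-owner"
# for the home directory named in field 6, compared with the UID in field 3.
home_status() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    if [ ! -d "$home" ]; then
        echo missing
        return 0
    fi
    # Numeric owner of the directory itself (third column of ls -dn).
    owner=$(ls -dn -- "$home" | awk '{print $3}')
    if [ "$owner" = "$uid" ]; then echo ok; else echo wrong-owner; fi
}

# With a user name as argument, run both checks against the live system.
# The PAM paths are assumed (Fedora's usual authselect-managed files).
if [ "$#" -ge 1 ]; then
    entry=$(getent passwd "$1") || { echo "no such user: $1" >&2; exit 2; }
    echo "home directory: $(home_status "$entry")"
    if pam_has_mkhomedir /etc/pam.d/system-auth /etc/pam.d/password-auth; then
        echo "mkhomedir in PAM session stack: yes"
    else
        echo "mkhomedir in PAM session stack: no"
    fi
fi
```

On Fedora the PAM line is normally switched on with `authselect enable-feature with-mkhomedir`, with the `oddjobd` service enabled and running.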