On Wed, May 31, 2017 at 10:18:46AM -0000, paul--- via FreeIPA-users wrote:
Hi, I have boot problem when i combine a ipa-client-install with 'authconfig --enablenis --update' According to the ovirt/RHEV docs [1] I have to do this to make SSO to the VM possible.
Messages during boot are: Failed to start RealtimeKit for Policy Services Failed to start Authorization Manager Dependency failed for Dynamic System tuning deamon
My setup is: All systems Centos 7.3(1611) oVirt 4.1 IPA server 4.4 IPA client 4.4
If i use an old VM with Centos 7.2(1511) and ipa-client 4.2 there are no problems and SSO is working so oVirt and IPA seem to be configured correct.
My findings so far:
- Centos 7.3 does not include ypbind. If i install manually it sometimes boots (but takes a long time) but the other times stops at same point as mentioned before. This could imply some kind of race condition during boot.
Please note that the --enablenis switch has (confusingly) not much to do with NIS. It 'just' configures the PAM stack so that the options are a bit different and the password is passed through to pam_sss.
What you are really hitting is https://bugzilla.redhat.com/show_bug.cgi?id=1327085
which will be fixed in 7.4.
But I'm not sure why wouldn't the workaround work. Installing ypbind is definitely not the right thing to do and it's actually what causes the issues during boot. The problem is really in the PAM stack.
If you don't install ypbind, but run the workaround, is there anything in /var/log/secure coming from gdm-ovirtcred?
- I tried different versions of ipa-client (ipa-client-4.4.0-12.el7.centos.x86_64 up to ipa-client-4.4.0-14.el7.centos.7.x86_64) none worked. Older versions i could not find anymore.
Can anyone comfirm my findings or point me in some direction?
Kind regards,
Paul
[1]https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/htm... _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org