On Wed, May 31, 2017 at 08:56:44PM -0000, paul--- via FreeIPA-users wrote:
Hi Jakub, Thanks for clearing this out and pointing out ypbind is the wrong direction. What do you mean with 'the workaround'? Do mean use of 'authconfig --enablenis --update'? The combination of Centos 7.3 with ipa-client 4.4 and that workaround results in a hanging boot with the following errors and no login: Failed to start RealtimeKit for Policy Services Failed to start Authorization Manager Dependency failed for Dynamic System tuning deamon Failed to start Login Service Failed to start GNOME display Manager Starting terminate Plymouth boot screen
SSH works (but very slow login after 20 minutes) with the following content of /var/log/secure: May 31 22:25:26 ad02 userhelper[15096]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:25:26 ad02 userhelper[15096]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:30:54 ad02 userhelper[688]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:31:54 ad02 userhelper[688]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:34:03 ad02 userhelper[695]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:35:04 ad02 userhelper[695]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:35:54 ad02 userhelper[707]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:36:54 ad02 userhelper[707]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:37:04 ad02 userhelper[708]: pam_succeed_if(diskmapper:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:38:04 ad02 userhelper[708]: running '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on behalf of 'ovirtagent' May 31 22:42:03 ad02 userhelper[722]: pam_succeed_if(ovirt-locksession:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:42:54 ad02 userhelper[730]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:43:03 ad02 userhelper[722]: running '/usr/share/ovirt-guest-agent/LockActiveSession.py' with root privileges on behalf of 'ovirtagent' May 31 22:43:51 ad02 userhelper[730]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:44:51 ad02 userhelper[841]: pam_succeed_if(diskmapper:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:44:51 ad02 userhelper[841]: running '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on behalf of 'ovirtagent' May 31 22:45:51 ad02 userhelper[905]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:45:51 ad02 userhelper[905]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:47:51 ad02 userhelper[1138]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:47:51 ad02 userhelper[1138]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:48:22 ad02 sshd[1148]: Server listening on 0.0.0.0 port 22. May 31 22:48:22 ad02 sshd[1148]: Server listening on :: port 22. May 31 22:49:52 ad02 userhelper[2369]: pam_succeed_if(ovirt-container-list:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:49:52 ad02 userhelper[2369]: running '/usr/share/ovirt-guest-agent/container-list' with root privileges on behalf of 'ovirtagent' May 31 22:49:52 ad02 userhelper[2370]: pam_succeed_if(diskmapper:auth): requirement "user = ovirtagent" was met by user "ovirtagent" May 31 22:49:52 ad02 userhelper[2370]: running '/usr/share/ovirt-guest-agent/diskmapper.script' with root privileges on behalf of 'ovirtagent' May 31 22:50:42 ad02 sshd[2392]: Accepted keyboard-interactive/pam for root from 10.0.2.65 port 34866 ssh2 May 31 22:51:08 ad02 sshd[2392]: pam_systemd(sshd:session): Failed to create session: Activation of org.freedesktop.login1 timed out May 31 22:51:08 ad02 sshd[2392]: pam_unix(sshd:session): session opened for user root by (uid=0)
I admit I'm getting a bit out of my depth, because I've actually never tried this myself, only debugged on IRC with the engineer who hit the issue first with RHEV-M. But these messages make it look like dbus or logind failed to start for some reason. I wouldn't expect the --enablenis --update to make a difference there -- does it also change nsswitch.conf in any way? Are there any interesting logs in /var/log/messages?