On Wed, 12 Mar 2014, Longina Przybyszewska wrote:
> I log in from GUI (lightdm) and ssh with AD passwd - in both cases no
> permissions.
> SSH allows me to log in to "/".
> GUI throws me away.
> I use AD as provider for everything.
> Ssh
> jedi.nat.c.example.com
> Last login: Wed Mar 12 09:43:32 2014 from ariadne.a.example.org
> Could not chdir to home directory /home/longina: Permission denied
> -bash: /home/longina/.bash_profile: Permission denied
> longina@jedi:/$ klist
> Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu
> Default principal: longina@NAT.C.EXAMPLE.ORG
>
> Valid starting       Expires              Service principal
> 03/12/2014 11:27:21  03/12/2014 21:27:21  krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG
>         renew until 03/13/2014 11:27:21
> 03/12/2014 11:27:22  03/12/2014 21:27:21  nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG
>         renew until 03/13/2014 11:27:21
> longina@jedi:/$

Your principal is what you expect, you're getting a service principal for what
you expect to be connecting to, but you're getting permission denied at the
far end.
rpc.idmapd issues on the server?
Have you run that with debugging and seen what it's up to?
jh
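
The reasoning in the reply above, as an added example that is not part of the original thread: a Python check that parses klist output and confirms the principal, the TGT and the nfs/ service ticket before attention moves to id mapping on the server. The function names, the MM/DD/YYYY timestamp format and the embedded sample (modelled on the quoted klist output) are assumptions.

```python
import re
from datetime import datetime

# Sample input modelled on the klist output quoted in the thread.
SAMPLE = """\
Ticket cache: FILE:/tmp/krb5cc_332405654_RsFXEu
Default principal: longina@NAT.C.EXAMPLE.ORG

Valid starting       Expires              Service principal
03/12/2014 11:27:21  03/12/2014 21:27:21  krbtgt/NAT.C.EXAMPLE.ORG@NAT.C.EXAMPLE.ORG
        renew until 03/13/2014 11:27:21
03/12/2014 11:27:22  03/12/2014 21:27:21  nfs/jota.nat.example.org@NAT.C.EXAMPLE.ORG
        renew until 03/13/2014 11:27:21
"""

STAMP = r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)"
TICKET = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)$")
FMT = "%m/%d/%Y %H:%M:%S"  # assumed: klist date format as shown in the thread


def parse_klist(text):
    """Return (default principal, [(start, end, service principal), ...])."""
    principal, tickets = None, []
    for line in text.splitlines():
        if line.startswith("Default principal:"):
            principal = line.split(":", 1)[1].strip()
        m = TICKET.match(line.strip())
        if m:  # "renew until" and header lines do not match
            start = datetime.strptime(m.group(1), FMT)
            end = datetime.strptime(m.group(2), FMT)
            tickets.append((start, end, m.group(3)))
    return principal, tickets


def triage(text, user, realm, nfs_host, now):
    """Walk the client-side checks in order; report the first one that fails."""
    principal, tickets = parse_klist(text)
    if principal != f"{user}@{realm}":
        return f"unexpected principal {principal!r}"

    def live(service):
        name = f"{service}@{realm}"
        return any(s == name and a <= now < b for a, b, s in tickets)

    if not live(f"krbtgt/{realm}"):
        return "no valid TGT"
    if not live(f"nfs/{nfs_host}"):
        return "no valid nfs/ service ticket for the server"
    return "kerberos side ok: check id mapping on the server"
```
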