Hi,
I have recently setup a test freeipa server, and sssd on a client machine. Everything
works as expected, but if the freeipa server is offline, I cannot get past the lock
screen. I can not even type the password in. To get past this I have to click login as a
different user, and than relogin with the original user.
I noticed these in the logs while trying to unlock
in /var/log/messages:
gdm: AccountsService: ActUserManager: user (null) has no username (object path:
/org/freedesktop/Accounts/User0, uid: 0)
in /var/log/secure:
gkr-pam: no password is available for user
By editing /etc/pam.d/gdm-password I can get around this.
I edited the line:
session required pam_namespace.so ignore_config_error to have the
ignore_config_error parameter added to pam_namespace.so
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth substack password-auth
auth optional pam_gnome_keyring.so
auth include postlogin
account required pam_nologin.so
account include password-auth
password substack password-auth
-password optional pam_gnome_keyring.so use_authtok
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
-session optional pam_ck_connector.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so ignore_config_error
session include password-auth
session optional pam_gnome_keyring.so auto_start
session include postlogin
Is this an expected or normal behaviour? Is there any other way to get around this issue
other than ignoring the error message?
~