It’s hard to guess without seeing your system: * pam should be set to check both local password and sssd. If the first fails you need to go on * /etc/nsswitch.conf should probably put files before sss * user info in /etc/passwd should be the same as in IPA. If the UID or group is different I could imagine weird effects
> On Jun 29, 2019, at 4:46 PM, Christian Reiss via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > Hey folks, > > after testing servers, replications et all (all with awesome success) I > am getting to test with clients. > > Everything is working except Fedora 30 (Workstation, not Server). I can > do the usual ipa-client-install dance, which will create the kerberos > information. I can get a kerberos ticket using kinit as well as logging > in from a remote host to this one. > > However, it is not possible to do a local (gdm) login with valid IPA > account. Neither with "Other User" nor via normal Linux Console (tty*). > sudo denies everything but the local login. > > Hint: I am trying to login into the machine that has an existing user > account. Wait, what? > > > [ 10 Minutes later ] > > > I created a new user in IPA and logged in from that one. Worked like > magic. So no non-existent users. > > So assuming that there might be some users that might have accounts > (read: all and everyone) -- what's the smartest way to mitigate or migrate? > > Thanks! > -Chris. > > -- > Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon > supp...@alpha-labs.net \ / Campaign > X against HTML > WEB alpha-labs.net / \ in eMails > > GPG Retrieval https://gpg.christian-reiss.de > GPG ID ABCD43C5, 0x44E29126ABCD43C5 > GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 > > "It's better to reign in hell than to serve in heaven.", > John Milton, Paradise lost. > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
