On Tue, May 09, 2017 at 11:12:13PM +0200, tuxderlinuxfuch...@gmail.com wrote: > Hello everyone, > > I set up my freeIPA instance and it works very well for my client > computers (Ubuntu Desktop 16.04.2 LTS), I can login via SSH using a > freeIPA managed user account. > > My own HBAC rule also works for that. I disabled the "allow all" rule > and created my own one. Works fine for SSH. > > But I cannot login to the GNOME 3 Desktop on the client. I used the > netinstall ISO image of Ubuntu. During installation, I have chose > "Ubuntu GNOME Desktop" as the only desktop. > > So my display manager is gdm3. > > I added the "gdm" and "gdm-password" services to my HBAC rule. To be on > the safe side, I rebooted the client machine. But I still can't login to > the GNOME Desktop with an account that can login via SSH. > > So the services in my rule are > > login, gdm, gdm-password > > If you need any logs or other information, I will provide them.
Please send sssd_pam.log and sssd_domain.name.log with debug_level=10 in the [pam] and [domain/...] section of sssd.conf. bye, Sumit > > > Thanks in advance! > > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project