openstack VM (similar to amazon ec2)
Running GDM3 (apt-get install gnome-shell) w/ NX Server to xorg-server-dummy package (since vm is headless)
LDAP Authentication w/ SSSD Package
Once I connect to the server, I am able to log in the first time using my ldap account. Also since i already have a home folder (PAM mkhomedir) my LDAP 'firstName' and 'lastName' actually show up on the GDM3 login screen. Which was a pleasant surprise.
however, once locked. I'm getting the error in /var/log/auth.log:
Jan 8 05:19:10 onr-geoserver gdm-password][12480]: pam_succeed_if(gdm-password:auth): requirement "user ingroup nopasswdlogin" not met by user "cott"
Jan 8 05:19:17 onr-geoserver gdm-password][12480]: pam_unix(gdm-password:auth): authentication failure; logname=cott uid=0 euid=0 tty=:0 ruser= rhost= user=cott
Jan 8 05:19:19 onr-geoserver gdm-password][12480]: pam_sss(gdm-password:auth): authentication success; logname=cott uid=0 euid=0 tty=:0 ruser= rhost= user=cott
Jan 8 05:19:19 onr-geoserver gdm-password][12480]: gkr-pam: unlocked login keyring
Jan 8 05:19:19 onr-geoserver systemd-logind[1359]: Removed session 3.
Jan 8 05:19:19 onr-geoserver gdm-password][12708]: pam_succeed_if(gdm-password:auth): requirement "user ingroup nopasswdlogin" not met by user "cott"
it seems 'pam_sss' is happy (auth. success), but 'pam_unix' is not.
This is all purely package installs from ubuntu 14.04 cloud image. no custom configs except for the dummy monitor in xorg.conf. which i doubt is related.
confirming on my setup as well.
openstack VM (similar to amazon ec2)
Running GDM3 (apt-get install gnome-shell) w/ NX Server to xorg-server-dummy package (since vm is headless)
LDAP Authentication w/ SSSD Package
Once I connect to the server, I am able to log in the first time using my ldap account. Also since i already have a home folder (PAM mkhomedir) my LDAP 'firstName' and 'lastName' actually show up on the GDM3 login screen. Which was a pleasant surprise.
however, once locked. I'm getting the error in /var/log/auth.log: [12480] : pam_succeed_ if(gdm- password: auth): requirement "user ingroup nopasswdlogin" not met by user "cott" [12480] : pam_unix( gdm-password: auth): authentication failure; logname=cott uid=0 euid=0 tty=:0 ruser= rhost= user=cott [12480] : pam_sss( gdm-password: auth): authentication success; logname=cott uid=0 euid=0 tty=:0 ruser= rhost= user=cott [12480] : gkr-pam: unlocked login keyring logind[ 1359]: Removed session 3. [12708] : pam_succeed_ if(gdm- password: auth): requirement "user ingroup nopasswdlogin" not met by user "cott"
Jan 8 05:19:10 onr-geoserver gdm-password]
Jan 8 05:19:17 onr-geoserver gdm-password]
Jan 8 05:19:19 onr-geoserver gdm-password]
Jan 8 05:19:19 onr-geoserver gdm-password]
Jan 8 05:19:19 onr-geoserver systemd-
Jan 8 05:19:19 onr-geoserver gdm-password]
it seems 'pam_sss' is happy (auth. success), but 'pam_unix' is not.
This is all purely package installs from ubuntu 14.04 cloud image. no custom configs except for the dummy monitor in xorg.conf. which i doubt is related.