Carson Chittom <carson@xxxxxxxxxx> writes:
> When I set up a machine with CentOS 8, I used the "Enterprise Login" in
> the initial setup wizard to authenticate against my FreeIPA server.
> This worked fine, and I have no issues logging in with that initial user.
>
> However, I am unable to use GDM or the console to login as any *other*
> valid user from FreeIPA. From GDM I get something like "Sorry, that
> didn't work" and "Permission denied" on the console. I've verified that
> the credentials are correct, and that I am able to manually get a ticket
> via kinit for one of those other users from this machine. With
> CentOS 7, I didn't have to do any additional configuration in this
> regard after the initial wizard.
I discovered that /etc/sssd/sssd.conf contains the line:
simple_allow_users = $, initialuser
Adding other users to this line allows them to log in. This is a very
small deployment (8 users, 4 machines), so this addresses my immediate
need, but clearly isn't really the solution. I'll dig into it some more
when I have some leisure.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
