
Login loop for FreeIPA users

as flag

I am running into an issue with one of my newly configured FreeIPA clients where all of the IPA users that try to log into the computer go through a login loop. New users, and users with their passwords reset, can change their passwords but are sent right back to the login screen after authenticating. I have four FreeIPA clients, all of which are running Ubuntu 20.04.3. The three that work just fine are hand-built systems, and the client that doesn't work is a Dell. I can SSH into the Dell client using IPA credentials though.

My FreeIPA server is on a VM running CentOS 7, and the home directories for the IPA users are on an NFS server running Ubuntu 20.04.3.

I have tried looking at Xauthority and /tmp file permissions, but the Xauthority file doesn't exist in the IPA user's home directory, and the permissions of /tmp look okay from what I can see. I've never implemented LDAP authentication before, but since the issue is isolated to just one client, it makes me think this is a client-side issue rather than an LDAP one.

fr flag
Is SELinux enabled on the new client? If yes - is `use_nfs_home_dirs` set to `on`?
as flag
I don't think so. sestatus isn't a found command on the client.
cn flag
So what's in the log files? You may consider simplifying the setup to rule out things first, so no NFS mounts, local homedirs. Does it work? Then try NFS, and so on.
as flag
Which log files should I check? Should I start on my LDAP server or the local client?
cn flag
You are having a client issue. I suppose Ubuntu uses sssd too, so this would be a good place: https://sssd.io/troubleshooting/basics.html