freeipa domain account lightdm login yields black screen then back to login screen

Asked by robwdux on 2016-03-24

Fresh install Ubuntu 15.10

freeipa-client 4.1.4-1

sudo ipa-client-install \
      --unattended \
      --force-ntpd \
       --domain DOMAIN.COM
       --enable-dns-updates \
       --hostname $(hostname).DOMAIN.COM
       --mkhomedir \
       --principal <XXXX> \
       --password <XXXX>

+ modified pam config so --mkhomedir works as expected

echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session

+ Successfully joined ipa domain, getent succeeds as well as su to domain user

+ Configured lightdm based on: 6.2.1. Login Manager Configuration -
https://help.ubuntu.com/community/SingleSignOn / https://wiki.ubuntu.com/LightDM

[SeatDefaults]
user-session=ubuntu
greeter-session=unity-greeter
greeter-show-manual-login=true
allow-guest=false

+ Attempting to login through lightdm after providing password yeilds a black screen... background appears briefly then kicks back out to login screen.

+ auth.log entries - succeed with pam_sss but fails with pam_unix:

Mar 23 19:24:14 2383p12 lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=<USER>
Mar 23 19:24:15 2383p12 lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=<USER>

+ add libpam_krb5 and attempt again, auth.log entries:

Mar 23 19:44:01 2383p12 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "<USER>"
Mar 23 19:44:05 2383p12 lightdm: pam_krb5(lightdm:auth): user <USER> authenticated as <USER>@<DOMAIN.COM>
Mar 23 19:44:06 2383p12 lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Mar 23 19:44:06 2383p12 lightdm: pam_unix(lightdm:session): session opened for user <USER> by (uid=0)
Mar 23 19:44:06 2383p12 systemd-logind[1025]: New session c12 of user rob.
Mar 23 19:44:06 2383p12 systemd: pam_unix(systemd-user:session): session opened for user <USER> by (uid=0)
Mar 23 19:44:06 2383p12 gnome-keyring-daemon[7547]: couldn't access control socket: /run/user/<UID>/keyring/control: No such file or directory
Mar 23 19:44:12 2383p12 lightdm: pam_unix(lightdm:session): session closed for user <USER>

++ Please advise to troubleshoot further. Should I consider GDM as a potential work around? ++

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu freeipa Edit question
Assignee:
No assignee Edit question
Last query:
2016-03-24
Last reply:

Can you help with this problem?

Provide an answer of your own, or ask robwdux for more information if necessary.

To post a message you must log in.