
Hopefully there is something simple I am missing here.

I have FreeIPA 4.6.6 (cannot update at this time), CentOS 7 and CentOS 6 systems.

SELinux is in permissive mode. Logins on the CentOS 6 system are as expected, using the context configured/provided by FreeIPA. Logins on the CentOS 7 system are always unconfined (this is not the default provided by FreeIPA).

I have debugging on for the pam modules, and I am seeing logs, just no errors. The logs between CentOS 6 and 7 are the same, but the context supplied for CentOS 7 is incorrect. I have been unable to locate a reason for this.

It seems like the user context is not being processed and/or received correctly by CentOS 7. We authenticate through FreeIPA only and do not have any local users configured.

There are no errors in secure or audit.log. Authentication shows as successful, but context I cannot find anyone else having this type of issue.

  • The way this is worded is a bit confusing. Do you mean that you did not intend for users to be unconfined on CentOS 7 machines? In this case check the host groups you have assigned in your SELinux user maps. – Michael Hampton Sep 01 '20 at 19:32
  • Did you clean the client's cache with sss_cache -E? – Andreas Rogge Sep 11 '20 at 11:02

0 Answers