I'm having an issue where using SSSD it will not bring up a full desktop when using GDM. It seems to get to where it appears to be loading the desktop, then X crashes/stops then reloads GDM.
If i login via SSH or console, it works fine, i can even drop to runlevel 3, and then run startx as the (AD) user, and i get a full GUI.
Local accounts can login fine via GDM, and domain accounts can login fine via SSH/Console.
At first I suspected SELinux, however after running in permissive, re-labelling, etc. there seems to be no change at all.
Interestingly enough, i previously was just using winbind + krb5 for authentication to AD, and even reverting back from SSSD to plain winbind/krb5 gives the same issue, while before enabling SSSD it worked fine. [edit1] I was able to figure out that having SSS in my nsswitch.conf before winbind was causing this, and switching back to winbind as a source worked fine. just having sss as a provider in nsswitch horked it up. 🙁
[edit2]
It appears to only show up when i add sss as a provider in /etc/nsswitch.conf . If i use winbind there, SSS will perform PAM authentication, but the primary reason for me using SSSD(cached AD authentication) is circumvented.
The following lines in /var/log/secure seem pertinent(and shows authentication was successful), but I've been unable to get any answers from the oracle.
pam: gdm-password: pam_unix(gdm-password:session): session opened for user {USER} by (uid=0)
polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.27, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
pam: gdm-password: pam_unix(gdm-password:session): session closed for user {USER}
Best Answer
For some reason I can't comment on your question...
Make sure your SSSD is up to date. I had lots of problems with SSSD being not up to date on RHEL (including some strange issues with
su).