Add required PAM rule after pam_systemd.so #2074
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Coverage report
This PR does not seem to contain any modification to coverable code. |
|
The PAM configuration file looks correct dshadmin@shm-daimyo-sre-oda-vm-workspace-01:~$ cat /etc/pam.d/common-session
#
# Updated by Ansible - 2024-08-02T15:26:32.746577
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of interactive sessions.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session [success=ok default=ignore] pam_ldap.so minimum_uid=1000
session optional pam_systemd.so
session optional pam_mkhomedir.so skel=/etc/skel umask=0022 |
|
In testing, I can't see any workspaces on Guacamole when logged in with a registered user. Ansible has run without error, so I would assume LDAP is configured correctly (at least in the same was as on develop). The deployment ran without errors so I would hope Apricot, Entra, Guac are configured correctly. Possible problems,
(@craddm @jemrobinson for your information) |
|
Can you check for any suspicious log output in the I think that the remote desktop container needs to be restarted in order to get Guacamole to read updated data from the database - this should be done as part of |
|
I just deployed
|
|
Great @craddm 🎉 Does works absolutely fine mean,
Oh, could that be related to the changes in #2054 @jemrobinson ? |
|
Yes, confirm both: I can login as a Guacamole user, and the contents of |
|
Added a new user to I added a new user to Bunch of |
|
@craddm It seems to be working then, could you review? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
✅ Checklist
Enable foobar integrationrather than515 foobar).develop.🚦 Depends on
🌂 Related issues
Closes #2051
🔬 Tests