Hi,
I'm trying to authenticate with active-directory users (Windows Server 2008 R2) on my Ubuntu 16.04 workstation.
I used the steps in "SSSD and Active Directory" from the Ubuntu documentation.
Adding the computer-account to active-directory worked.
Running id <active-directory-user> also returns the correct active-directory-groups the user is in.
But I can't login with active-directory-user.
content of /var/log/auth.log:
pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=<active-directory-user>
pam_sss(login:account): Access denied for user<active-directory-user>: 4 (System error)
output of "service sssd status":
sssd.service - System Security Services Daemon Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: active (running) since Mo 2016-07-25 12:47:37 CEST; 35min ago Process: 1913 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) Main PID: 2088 (sssd) CGroup: /system.slice/sssd.service ├─2088 /usr/sbin/sssd -D -f ├─2092 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain DOMAIN.LOCAL --uid 0 --gid 0 --debug-to-files ├─2131 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files └─2132 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
Jul 25 12:49:21 ubuntu16 sssd_be[2092]: GSSAPI client step 1
Thank you very much for any help.
Best Regards Frank