It does appear to be GPO access, from the gpo_child.log (getting a tarball up somewhere to download also).
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): gpo_child started. (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): context initialized (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [unpack_buffer] (0x0400): cached_gpt_version: 327788 (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): performing smb operations (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [copy_smb_file_to_gpo_cache] (0x0400): smb_uri: smb://dc2.internal.example.domain/sysvol/internal.example.domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [copy_smb_file_to_gpo_cache] (0x0020): smbc_getFunctionOpen failed [2][No such file or directory] (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory] (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020): perform_smb_operations failed.[2][No such file or directory]. (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020): gpo_child failed!
-- Brenden
On Mar 1, 2017, at 02:30, Sumit Bose sbose@redhat.com wrote:
On Tue, Feb 28, 2017 at 09:23:47PM +0100, Jakub Hrozek wrote:
On Tue, Feb 28, 2017 at 01:05:19PM -0600, Brenden Morgenthaler wrote:
We have multiple linux servers configured with SSSD/realmd for authentication to Active Directory. The systems are configured without winbind so using Kerberos to authenticate to the domain. Once SMBv1 was disabled on the domain controller none of the machines could authenticate users. Any idea on why this would happen when we should be configured for kerberos authentication?
No idea, the authentication uses, as you said, Kerberos. Did you already look into SSSD debug logs?
It might be related to reading the GPO files for access control, please check the system logs which PAM step (auth, acct) failed. As Jakub said SSSD debug logs will have more details as well, please see https://fedorahosted.org/sssd/wiki/Troubleshooting for details.
HTH
bye, Sumit
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org