On Wed, Feb 11, 2015 at 01:20:10PM +0000, Mullan, Allan wrote:
Good afternoon,
I've been playing around with sssd for a while not and it's been great but I've just run into a really weird problem. If I have a user specified in the 'simple_allow_users' configuration directive it works absolutely fine BUT I've got (at least) 2 groups that, for some reason, if the user is a member of these groups the account can't authenticate on my boxes. The groups that I'm having problems with are nothing to do with any simple_allow_groups - they're just normal AD security groups...
Can someone please point me in the right direction on this one or let me know how I can best find out why these groups are affecting sssd? I've been trawling logs but can't seem to find anything obvious.
Thanks, Allan
Did you verify it's actually the pam account phase that's kicking you out?
If yes, then increasing debug_level in the domain section is a good start.
Do the groups show up in the "id" output for the groups?