On (11/02/15 13:20), Mullan, Allan wrote:
Good afternoon,
I've been playing around with sssd for a while not and it's been great but I've just run into a really weird problem. If I have a user specified in the 'simple_allow_users' configuration directive it works absolutely fine BUT I've got (at least) 2 groups that, for some reason, if the user is a member of these groups the account can't authenticate on my boxes. The groups that I'm having problems with are nothing to do with any simple_allow_groups - they're just normal AD security groups...
Can someone please point me in the right direction on this one or let me know how I can best find out why these groups are affecting sssd? I've been trawling logs but can't seem to find anything obvious.
Which version of sssd do you use?
Which pam return code was returned?
I would suggest to start debugging with small debug level (0x00F0) and then you can increase to full debug level (0xFFF0)
If you have alredy log files with full debug level it is easy to filter the most critical with grep command.
grep -E "(0x00[1-9]0)" sssd_domain.log
LS