On Wed, Dec 14, 2016 at 08:55:15PM +0000, Thomas Beaudry wrote:
Hi Everyone,
i have been able to get sssd to work so i can login with my AD credentials to a workstation and through ssh, however I am running into a problem. Whenever a new user tries to login to a ubuntu workstation for the first time it doesn't allow them. I am guessing the login screen doesn't contact the windows AD to check credentials (so maybe sssd hasn't been started yet). I currently have sssd managing the following services: pam, ssh, autofs, and nss. The workaround that I have found is to ssh to that machine from another machine with the AD credentials that I would like to use, and then when I reset the machine i am able to use those credentials at the login screen. Is there a better way?
Do I get it correctly that you can't login through a graphical login manager but you can login with the same user with ssh and then you can login with the gui manager as well?
I'm not sure I can answer without seeing some logs but the things I would look for would be: - is pam_sss contacted at all when you log in with the gui login manager? - what kind of error does pam_sss return if you log in with the gui manager? - what is in sssd logs in that case?