Am 28.08.2014 16:44, schrieb Rowland Penny:
On 28/08/14 15:41, Stefan Schäfer wrote:
Am 28.08.2014 16:18, schrieb Lukas Slebodnik:
Could you put debug_level = 7 into domain section (in
/etc/sssd/sssd.conf)
then restart sssd; login as samba user;
You should find a reason in sssd_invis-ad.loc.log file (/var/log/sssd) why sssd returned 4 (System error)
I increased the debug_level to 7, but in the sssd_invis-ad.loc.log didn't appear a single entry.
The same is to the other log files sssd_pam.log and sssd_nss.log. The only log are these in /var/log/messages.
Seems that for sssd everything is ok and pam causes the problem?
Stefan
You need to put the debug level into each section of the sssd.conf, not just once.
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, look better ;-)
Here's the log extract:
(Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [be_get_account_info] (0x0100): Got request for [4097][1][name=hbecker] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain] (0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [DC=invis-ad,DC=loc] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=hbecker)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_search_user_process] (0x0400): Search for users, returned 1 results. (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Save user (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_get_primary_name] (0x0400): Processing object hbecker (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Processing user hbecker (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Original memberOf is not available for [hbecker]. (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Adding user principal [hbecker@INVIS-AD.LOC] to attributes of [hbecker]. (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Storing info for user hbecker (Thu Aug 28 16:51:23 2014) [sssd[be[invis-ad.loc]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_get_account_info] (0x0100): Got request for [3][1][name=hbecker] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain] (0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [DC=invis-ad,DC=loc] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=hbecker)(objectclass=user)(&(uidNumber=*)(!(uidNumber=0))))][DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixUserPassword] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [primaryGroupID] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Save user (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_primary_name] (0x0400): Processing object hbecker (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Processing user hbecker (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Original memberOf is not available for [hbecker]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Adding user principal [hbecker@INVIS-AD.LOC] to attributes of [hbecker]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_user] (0x0400): Storing info for user hbecker (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no filter][CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [tokenGroups] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Heinz Becker,CN=Users,DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing membership SID [S-1-5-21-2977797608-3586008738-4122126317-513] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x1000): Processing membership SID [S-1-5-32-545] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_ad_tokengroups_initgr_posix_tg_done] (0x0080): Domain not found for SID S-1-5-32-545 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for [hbecker] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_groups_next_base] (0x0400): Searching for groups with base [DC=invis-ad,DC=loc] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(gidNumber=10000)(objectclass=group)(name=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [name] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectGUID] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectSID] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [whenChanged] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [groupType] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=Domain Users,CN=Users,DC=invis-ad,DC=loc]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_has_deref_support] (0x0400): The server supports deref method ASQ (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_nested_group_recv] (0x0400): 0 users found in the hash table (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_primary_name] (0x0400): Processing object Domain Users (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_group] (0x0400): Processing group Domain Users (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_process_ghost_members] (0x0400): The group has 0 members (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_process_ghost_members] (0x0400): Group has 0 members (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_group] (0x0400): Storing info for group Domain Users (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_get_primary_name] (0x0400): Processing object Domain Users (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_grpmem] (0x0400): Processing group Domain Users (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [sdap_save_grpmem] (0x0400): Adding member users to group [Domain Users] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain] (0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc] (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): domain: invis-ad.loc (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): user: hbecker (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): service: login (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): tty: tty2 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): ruser: (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): rhost: (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): authtok type: 1 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): priv: 1 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): cli_pid: 18269 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [krb5_pam_handler] (0x1000): Wait queue of user [hbecker] is empty, running request immediately. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [switch_creds] (0x0200): Switch user to [10000][10000]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [switch_creds] (0x0200): Switch user to [0][0]. (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_server_status] (0x1000): Status of server 'invisad.invis-ad.loc' is 'working' (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_port_status] (0x1000): Port status of port 0 for server 'invisad.invis-ad.loc' is 'working' (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [get_server_status] (0x1000): Status of server 'invisad.invis-ad.loc' is 'working' (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_resolve_server_process] (0x1000): Saving the first resolved server (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [be_resolve_server_process] (0x0200): Found address for server invisad.invis-ad.loc: [192.168.201.10] TTL 7200 (Thu Aug 28 16:51:27 2014) [sssd[be[invis-ad.loc]]] [write_pipe_handler] (0x0400): All data has been sent! (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [read_pipe_handler] (0x0400): EOF received, client finished (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [check_wait_queue] (0x1000): Wait queue for user [hbecker] is empty. (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Sending result [4][invis-ad.loc] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Sent result [4][invis-ad.loc] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_req_set_domain] (0x0400): Changing request domain from [invis-ad.loc] to [invis-ad.loc] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): domain: invis-ad.loc (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): user: hbecker (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): service: login (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): tty: tty2 (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): ruser: (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): rhost: (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): authtok type: 0 (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): priv: 1 (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [pam_print_data] (0x0100): cli_pid: 18269 (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_access_send] (0x0400): Performing access check for user [hbecker] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [hbecker] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [ad_gpo_connect_done] (0x0400): sam_account_name is invisad.invis-ad.loc$ (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=user)(sAMAccountName=invisad.invis-ad.loc$))][dc=invis-ad,dc=loc]. (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [distinguishedName] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [ad_gpo_target_dn_retrieval_done] (0x0040): No DN retrieved for policy target. (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [ad_gpo_access_done] (0x0040): GPO-based access control failed. (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, No such file or directory) [Internal Error (System error)] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Sending result [4][invis-ad.loc] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [be_pam_handler_callback] (0x0100): Sent result [4][invis-ad.loc] (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [child_sig_handler] (0x1000): Waiting for child [18288]. (Thu Aug 28 16:51:28 2014) [sssd[be[invis-ad.loc]]] [child_sig_handler] (0x0100): child [18288] finished successfully.
Seems that there is a problem with Group-Policies. I haven’t set any Group-Policies.
Any Idea how to get this working?
Stefan