After an update to Ubuntu Xenial, sssd_pam always fails with a system error(4) error.
Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.11.129 user=mccanta Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:account): Access denied for user mccanta: 4 (System error)
I have debug_level 10 logs I can send. Didn't want to post thos to the mailing list.
Jay
You should file a bug in Ubuntu, specially if downgrading to the previous package fixes the problem for you.
On Dec 18, 2017 18:10, "Jay McCanta" J.McCanta@f5.com wrote:
After an update to Ubuntu Xenial, sssd_pam always fails with a system error(4) error.
Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.11.129 user=mccanta Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:account): Access denied for user mccanta: 4 (System error)
I have debug_level 10 logs I can send. Didn't want to post thos to the mailing list.
Jay
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
We found out it has to do with GPO. With ad_gpo_access_control = enforcing
we get failures (system error 4 with no indication in the logs it was GPO in any way).
ad_gpo_access_control = permissive
and all is well. I’ll open a ticket with Canonical.
From: Andreas Hasenack [mailto:andreas@canonical.com] Sent: Monday, December 18, 2017 2:48 PM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: Ubuntu Xenial failures
EXTERNAL MAIL: sssd-users-bounces@lists.fedorahosted.orgmailto:sssd-users-bounces@lists.fedorahosted.org You should file a bug in Ubuntu, specially if downgrading to the previous package fixes the problem for you.
On Dec 18, 2017 18:10, "Jay McCanta" <J.McCanta@f5.commailto:J.McCanta@f5.com> wrote: After an update to Ubuntu Xenial, sssd_pam always fails with a system error(4) error.
Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.11.129 user=mccanta Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:account): Access denied for user mccanta: 4 (System error)
I have debug_level 10 logs I can send. Didn't want to post thos to the mailing list.
Jay
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.orgmailto:sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.orgmailto:sssd-users-leave@lists.fedorahosted.org
On Mon, Dec 18, 2017 at 10:51:55PM +0000, Jay McCanta wrote:
We found out it has to do with GPO. With ad_gpo_access_control = enforcing
we get failures (system error 4 with no indication in the logs it was GPO in any way).
ad_gpo_access_control = permissive
and all is well. I’ll open a ticket with Canonical.
Feel free to add the link to the ticket here, perhaps this is an upstream bug that was not fixed yet (or maybe the Canonical developers will open a bug upstream..)
sssd-users@lists.fedorahosted.org
-
Andreas Hasenack -
Jakub Hrozek -
Jay McCanta