It seems that issuing the command kinit -k COMPUTER$@DOMAIN helped with the sssd startup problem.
I am very pleased to notice that I could successfully change the passwd online (during an ssh session!), which had expired for ADuser.
I can log in from the GUI as localuser 'longina'. I can 'su - ADuser' as 'longina' in a terminal.
I cannot log in from the GUI as ADuser!!
testuser@a.example.com a\testuser
From auth.log:
Jan 27 16:14:48 longina-nb lightdm: pam_unix(lightdm:session): session closed for user longina
Jan 27 16:14:49 longina-nb lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Jan 27 16:15:09 longina-nb lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "testuser@a.example.com "
Jan 27 16:15:19 longina-nb lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser@a.example.com
Jan 27 16:15:20 longina-nb lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=testuser@a.example.com
......
Jan 27 16:15:20 longina-nb lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jan 27 16:15:20 longina-nb lightdm: pam_unix(lightdm:session): session opened for user testuser@a.example.com by (uid=0)
Jan 27 16:15:20 longina-nb lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Jan 27 16:15:36 longina-nb lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "a\testuser"
Jan 27 16:15:46 longina-nb lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=a\testuser
Jan 27 16:15:46 longina-nb lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=a\testuser
Jan 27 16:15:47 longina-nb lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jan 27 16:15:47 longina-nb lightdm: pam_unix(lightdm:session): session opened for user a\testuser by (uid=0)
Jan 27 16:15:47 longina-nb lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Jan 27 16:16:14 longina-nb login[1238]: pam_unix(login:session): session opened for user longina by LOGIN(uid=0)
Jan 27 16:16:35 longina-nb su[5160]: pam_unix(su:auth): authentication failure; logname=longina uid=1001 euid=0 tty=/dev/tty1 ruser=longina rhost= user=testuser@a.example.com
Jan 27 16:16:35 longina-nb su[5160]: pam_sss(su:auth): authentication success; logname=longina uid=1001 euid=0 tty=/dev/tty1 ruser=longina rhost= user=testuser@a.example.con
Jan 27 16:16:35 longina-nb su[5160]: Successful su for testuser@a.example.com by longina
Jan 27 16:16:35 longina-nb su[5160]: + /dev/tty1 alongina:testuser@a.example.com
Jan 27 16:16:35 longina-nb su[5160]: pam_unix(su:session): session opened for user testuser@a.example.com by longina(uid=1001)
Jan 27 16:17:01 longina-nb CRON[5203]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 27 16:17:01 longina-nb CRON[5203]: pam_unix(cron:session): session closed for user root
sssd_pam.log:
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [testuser@a.example.com]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: a.example.com
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): user: testuser
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5363
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x12211a0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x12211a0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1223050
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_dp_process_reply] (0x0100): received: [0][a.example.com]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0].
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x122d7f0][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x122d7f0][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x122d7f0][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[5616].
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x121fa20][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x121fa20][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x121fa20][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x121fa20][18]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'lightdm' matched without domain, user is lightdm
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_OPEN_SESSION
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): user: lightdm
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm-greeter
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5616
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [pam_reply] (0x0200): blen: 8
(Mon Jan 27 16:42:58 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer e-set for client [0x121fa20][18]
(Mon Jan 27 16:42:59 2014) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1220b60
(Mon Jan 27 16:42:59 2014) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 27 16:42:59 2014) [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
(Mon Jan 27 16:43:02 2014) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [testuser] removed from PAM initgroup cache
Best, Longina
sssd-users@lists.fedorahosted.org