I am trying to diagnose a very weird problem. I have SSSD configured to connect to my domain. I have this working.
I can log in with a bunch of accounts, but not all accounts.
For instance.
[root@bscacad3 sssd]# getent passwd andersnj01
andersnj01:*:1533736219:1533633217:andersnj01:/home/bsclogon.buffalostate.edu/andersnj01:/bin/bash
Jan 31 14:44:20 bscacad3 sshd[3641]: Accepted password for andersnj01 from 136.183.201.231 port 58620 ssh2
This account (andersnj01) can connect. It is in the same domain security group as the next one.
[root@bscacad3 sssd]# getent passwd kraatzn01
kraatzn01:*:1533844379:1533633217:kraatzn01:/home/bsclogon.buffalostate.edu/kraatzn01:/bin/bash
Jan 31 14:44:37 bscacad3 sshd[3687]: Failed password for kraatzn01 from 136.183.201.231 port 58624 ssh2
This account (kraatzn01) cannot log in. Again they are in the same security group.
Now to throw another layer on this. When I worked with this person directly and connected on the machine they were using, I was able to log in with his user/pass one time. As a matter of fact, I could see that account was still logged in until I rebooted the machine; however, when I went back to my machine it would refuse the login.
IPTABLES ports are open. All accounts in one security group can log in, some accounts in another security group cannot.
The auth line is:
ad_access_filter = (|(memberOf=CN=Linux_FacStaff,OU=Security Groups,DC=bsclogon,DC=buffalostate,DC=edu)(memberOf=CN=Linux_Student,OU=Security Groups,DC=bsclogon,DC=buffalostate,DC=edu))
Both usernames above are part of the Linux_Student security group.
If you need any other conf files or any info, please let me know and I will respond as soon as I can.
sssd-users@lists.fedorahosted.org