I am trying to diagnose a very weird problem. I have SSSD configured to connect to my domain. I have this working.
I can log in with a bunch of accounts, but not all accounts.
[root@bscacad3 sssd]# getent passwd andersnj01
Jan 31 14:44:20 bscacad3 sshd: Accepted password for andersnj01 from 18.104.22.168 port 58620 ssh2
This accounts (andersnj01) can connect. It is in the same domain security group as the next one.
[root@bscacad3 sssd]# getent passwd kraatzn01
Jan 31 14:44:37 bscacad3 sshd: Failed password for kraatzn01 from 22.214.171.124 port 58624 ssh2
This account (kraatzn01) cannot log in. Again they are in the same security group.
Now to throw another layer on this. When I worked with this person directly and connected on the machine they were using, I was able to log in with his user/pass one time. As a matter of fact I could see that account was still logged in until I rebooted the machine, however when I went back to my machine it would refuse the login.
IPTABLES ports are open. All accounts in one security group can log in, some accounts in another security group cannot.
The auth line is:
ad_access_filter = (|(memberOf=CN=Linux_FacStaff,OU=Security Groups,DC=bsclogon,DC=buffalostate,DC=edu)(memberOf=CN=Linux_Student,OU=Security Groups,DC=bsclogon,DC=buffalostate,DC=edu))
both usernames above are part of the Linux_Student security group.
If you need any other conf files or any info, please let me know and I will respond as soon as i can.
Edit: I am sending this again, I am sorry about this. IT says i didnt post anything, and I do not see it in the list of posted. It this is moderated and it is posted 2 times, please disregard this one. Again new user, posting on website, sorry for the inconvenience.