On Thu, Nov 06, 2014 at 05:08:35PM +0100, Joschi Brauchle wrote:
On 11/06/2014 09:02 AM, Lukas Slebodnik wrote:
>On (06/11/14 08:35), Joschi Brauchle wrote:
>>Hello,
>>
>>trying to log into Xdm on a box with SSSD 1.12.1 with sssd-ad configured and
>>a *wrong* passwort results in a "A critical error occured" dialog box,
see
>>attached screenshot.
>>
>>This looks very much like SSSD is returning the wrong exit code to PAM (i.e.
>>PAM_SYSTEM_ERR instead of PAM_AUTH_ERR like here:
>>https://bugzilla.novell.com/show_bug.cgi?id=779246 for the case of empty
>>passwords)
>>
>PAM_SYSTEM_ERR could be returned from sssd in case of problems with GPO.
>By default is GPO in permissive mode, but if rules cannot be downloaded (or any
>other problem with GPO) sssd will returned PAM_SYSTEM_ERR. (which was wrong)
>
>The problem is fixed in 1.12.2, but I would need to see sssd log files to be
>sure you have the same issue.
>
>LS
I updated the machine to 1.12.2 and tested with
1) ad_gpo_access_control = permissive (i.e. default)
2) ad_gpo_access_control = false
but the problem persists when entering a wrong password.
I will send log files with debug_level=9 off-list as I dont want them in the
list archive...
J Brauchle
Thank you for the logs!
This thread sounds a bit similar and also you reminded me to take a look
into it again as we're changing the krb5_child code anyway:
https://patchwork.acksyn.org/patch/7382/