I went through doc earlier. I can change the access_provider to permit
and
it works but when set to "ad" I get a system error. I can run "id"
and
"getent" and everything works fine. In the sssd_pam.log I get this
"[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an
error [org.freedesktop.sssd.Error.DataProvider.Offline]" when I try to
"su". I have turn debug all the way up and sssd.log is showing all
successes. The domain sssd log has quite a few errors. Most are probably
not relevant. The one it looks to have died on is
[netlogon_get_domain_info] (0x0080): No netlogon site name data available.
[ad_master_domain_netlogon_done] (0x0400): Found flat name [domain].
[ad_master_domain_netlogon_done] (0x0400): Found site [(null)].
[ad_master_domain_netlogon_done] (0x0400): Found forest [
domain.org].
[ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain
info
[ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such
file or directory)
[sdap_id_op_destroy] (0x4000): releasing operation connection
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
I remember something in the log but couldn't find again, it said something
about the home folder not able to be created but it was created when I ran
with "permitted"