On 11/06/2014 09:02 AM, Lukas Slebodnik wrote:
On (06/11/14 08:35), Joschi Brauchle wrote:
> Hello,
>
> trying to log into Xdm on a box with SSSD 1.12.1 with sssd-ad configured and
> a *wrong* passwort results in a "A critical error occured" dialog box, see
> attached screenshot.
>
> This looks very much like SSSD is returning the wrong exit code to PAM (i.e.
> PAM_SYSTEM_ERR instead of PAM_AUTH_ERR like here:
>
https://bugzilla.novell.com/show_bug.cgi?id=779246 for the case of empty
> passwords)
>
PAM_SYSTEM_ERR could be returned from sssd in case of problems with GPO.
By default is GPO in permissive mode, but if rules cannot be downloaded (or any
other problem with GPO) sssd will returned PAM_SYSTEM_ERR. (which was wrong)
The problem is fixed in 1.12.2, but I would need to see sssd log files to be
sure you have the same issue.
LS
I updated the machine to 1.12.2 and tested with
1) ad_gpo_access_control = permissive (i.e. default)
2) ad_gpo_access_control = false
but the problem persists when entering a wrong password.
I will send log files with debug_level=9 off-list as I dont want them in
the list archive...
J Brauchle