It does appear to be GPO access, from the gpo_child.log (getting a tarball up somewhere to
download also).
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): gpo_child started.
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): context
initialized
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [unpack_buffer] (0x0400):
cached_gpt_version: 327788
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): performing smb
operations
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [copy_smb_file_to_gpo_cache]
(0x0400): smb_uri:
smb://dc2.internal.example.domain/sysvol/internal.example.domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [copy_smb_file_to_gpo_cache]
(0x0020): smbc_getFunctionOpen failed [2][No such file or directory]
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [perform_smb_operations] (0x0020):
copy_smb_file_to_gpo_cache failed [2][No such file or directory]
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020):
perform_smb_operations failed.[2][No such file or directory].
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020): gpo_child failed!
--
Brenden
On Mar 1, 2017, at 02:30, Sumit Bose <sbose(a)redhat.com> wrote:
On Tue, Feb 28, 2017 at 09:23:47PM +0100, Jakub Hrozek wrote:
> On Tue, Feb 28, 2017 at 01:05:19PM -0600, Brenden Morgenthaler wrote:
>> We have multiple linux servers configured with SSSD/realmd for authentication to
Active Directory. The systems are configured without winbind so using Kerberos to
authenticate to the domain. Once SMBv1 was disabled on the domain controller none of the
machines could authenticate users. Any idea on why this would happen when we should be
configured for kerberos authentication?
>
> No idea, the authentication uses, as you said, Kerberos. Did you already
> look into SSSD debug logs?
It might be related to reading the GPO files for access control, please
check the system logs which PAM step (auth, acct) failed. As Jakub said
SSSD debug logs will have more details as well, please see
https://fedorahosted.org/sssd/wiki/Troubleshooting for details.
HTH
bye,
Sumit
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org