> > I think the most important log would be the one from the
back end,
> > generated by including debug_level in the [domain] section.
>
> Ok. Will try it.
Attached. Log contains sssd restart as well as a single login attempt. All I see is
"success".
In case DS.FS.FED.US is the correct Kerberos realm, then I'd
suggest to set
the principal to an attribute that doesn't exist. Then the SSSD will try to
'guess' the principal as $username@$realm
Thanks! Changed that too. But for the current test case, I'm using ldap for
authentication.
Bryce
This electronic message contains information generated by the USDA solely for the intended
recipients. Any unauthorized interception of this message or the use or disclosure of the
information it contains may violate the law and subject the violator to civil or criminal
penalties. If you believe you have received this message in error, please notify the
sender and delete the email immediately.