On Sat, Aug 19, 2017 at 5:01 AM, Lukas Slebodnik <lslebodn@redhat.com> wrote:
On (19/08/17 10:57), Lukas Slebodnik wrote:
>I think it would be better to start from scratch:
You did tell me that I was not hitting that RH bug. Sorry.
 
>
>Please answer the following question:
>Is your local password the same as kerberos password?
Yes

>
>And much simpler would be to test without gdm.
I switched tty, instead of logging on through gdm I logged on at the console with same result.
 
>
>Please open one console as *root* and run following command
>  sh# journalctl -f > my_journal_output.log
>
>Open another console as *ordinary user* and run following commands just with your user:
>
>  sh$ date
>  Sat Aug 19 10:41:36 CEST 2017
>
>  sh$ kdestroy -A
>
>  # use kerberos password for test_user
>  sh$ su - test_user
>  Password:
>
>  sh$ klist
>  Ticket cache: FILE:/tmp/ccache_gjwisq
>  Default principal: test_user@EXAMPLE.COM
>
>  Valid starting       Expires              Service principal
>  08/19/2017 10:42:17  08/19/2017 20:42:17  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>
>  sh$  date
>  Sat Aug 19 10:42:21 CEST 2017
>
>
>
>Then jump to the 1st terminal and stop command (ctrl-c).
>+ run following command
>  sh#  ps aux | grep ss[s]
>  root     29712  0.0  0.0 277304  9672 ?        Ss   Aug18   0:00 /usr/sbin/sssd -i -f
>  root     29715  0.0  0.0 296268 13240 ?        S    Aug18   0:00 /usr/libexec/sssd/sssd_be --domain files.example --uid 0 --gid 0 --debug-to-files
>  root     29717  0.0  0.2 282388 33156 ?        S    Aug18   0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
>  root     29718  0.0  0.0 262040  8624 ?        S    Aug18   0:00 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
>
>
>And then attach sssd.conf, my_journal_output.log and sssd log files.
>

>BTW here is the most important part of my_journal_output.log
>on my system.
>
>Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost=  user=test_user
>Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user

I do not see this in my log. I still believe sssd is not getting my login info. It's going straight to pam and local user.

Jakub made it look oh so easy. https://www.youtube.com/watch?v=qEsBVckPpk4

Thank you for helping me these weeks. This should not be that hard.


LS

#cat /etc/sssd/sssd.conf
[sssd]
domains = files
services = nss, pam

[pam]
debug_level = 9

[domain/files]
id_provider = files
auth_provider = krb5
debug_level = 9

krb5_server = panther.montclaire.local
krb5_realm = MONTCLAIRE.LOCAL

krb5_store_password_if_offline = True
cache_credentials = True
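
The check discussed in this thread (does pam_sss log a result for the login attempt, or does only pam_unix appear?) can be run over captured journal text. The following is an added example, not part of the original messages or of SSSD; the sample lines are constructed after the journal excerpt quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the first two lines are modelled on the journal excerpt
# quoted in the thread; the login[...] lines are a constructed attempt in
# which only pam_unix logs anything.
SAMPLE_JOURNAL = """\
Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost=  user=test_user
Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user
Aug 19 11:03:02 host.example.com login[32611]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty2 ruser= rhost=  user=test_user
Aug 19 11:03:05 host.example.com login[32611]: FAILED LOGIN 1 FROM tty2 FOR test_user, Authentication failure
"""

# Matches the "authentication success|failure" lines PAM modules write.
PAM_AUTH = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"(?P<module>pam_\w+)\((?P<service>[^:)]+):auth\): "
    r"authentication (?P<result>success|failure);.*?\buser=(?P<user>\S*)"
)


def pam_auth_attempts(journal_text):
    """Group auth results by (process, pid, PAM service, user)."""
    attempts = {}
    for line in journal_text.splitlines():
        m = PAM_AUTH.search(line)
        if m:
            key = (m["proc"], int(m["pid"]), m["service"], m["user"])
            attempts.setdefault(key, {})[m["module"]] = m["result"]
    return attempts


def sss_report(journal_text):
    """Say, per attempt, whether pam_sss logged a result at all."""
    report = {}
    for key, modules in pam_auth_attempts(journal_text).items():
        if "pam_sss" in modules:
            report[key] = "pam_sss " + modules["pam_sss"]
        else:
            # No pam_sss line: the PAM stack for this service never called it
            # (or returned before reaching it), so the request did not reach
            # SSSD through PAM.
            report[key] = "pam_sss not consulted"
    return report


if __name__ == "__main__":
    for attempt, verdict in sss_report(SAMPLE_JOURNAL).items():
        print(attempt, "->", verdict)
```

To use it on a real capture, pass the contents of my_journal_output.log to `sss_report` instead of the sample.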