Hello,
thanks for your help.
I have set the debug_level to 10 in /etc/sssd/sssd.conf, restarted the machine and tried
to login with a domain user.
In /var/log/sssd are now generated log-files (sssd_<DOMAIN>.log, sssd_pam.log, ....)
but all are empty except sssd.log.
sssd.log is attached.
Kind regards.
Frank
-----Ursprüngliche Nachricht-----
Von: Justin Stephenson [mailto:jstephen@redhat.com]
Gesendet: Donnerstag, 28. Juli 2016 17:07
An: End-user discussions about the System Security Services Daemon
Betreff: [SSSD-users] Re: sssd System error
Hello,
We will need to see sssd debug logs of the failed login attempt to diagnose further.
https://fedorahosted.org/sssd/wiki/Troubleshooting
As a general suggestion, you can look for log messages similar to this in
/var/log/sssd/sssd_<domain> and then look just prior to this in the logs for errors.
A message like 'Got request for...<user>' in the logs is when the request
hits the backend and the message below is when the response from the backend is sent back
to the client(PAM)
[be_pam_handler_callback] (0x0100): Backend returned: (0, 4,
<NULL>) [Success]
Kind regards,
Justin Stephenson
On 07/28/2016 10:21 AM, Schiller Frank wrote:
Hi,
I'm trying to authenticate with active-directory users (Windows Server 2008 R2) on my
Ubuntu 16.04 workstation.
I used the steps in "SSSD and Active Directory" from the Ubuntu
documentation.
Adding the computer-account to active-directory worked.
Running id <active-directory-user> also returns the correct active-directory-groups
the user is in.
But I can't login with active-directory-user.
content of /var/log/auth.log:
pam_sss(login:auth): authentication success; logname=LOGIN uid=0
euid=0 tty=/dev/tty1 ruser= rhost= user=<active-directory-user>
pam_sss(login:account): Access denied for user<active-directory-user>:
4 (System error)
output of "service sssd status":
sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
Active: active (running) since Mo 2016-07-25 12:47:37 CEST; 35min ago
Process: 1913 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) Main PID:
2088 (sssd)
CGroup: /system.slice/sssd.service
├─2088 /usr/sbin/sssd -D -f
├─2092 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain DOMAIN.LOCAL --uid 0
--gid 0 --debug-to-files
├─2131 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0
--debug-to-files
└─2132 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0
--gid 0 --debug-to-files
Jul 25 12:49:21 ubuntu16 sssd_be[2092]: GSSAPI client step 1
Thank you very much for any help.
Best Regards
Frank
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
ed.org
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org