Hi,
on a Red hat 7.1 machine with latest updates, sssd/realmd authentication
against AD works until I try to use simple_allow_groups, when access is
denied for all with this error:
pam_sss(sshd:account): Access denied for user testuser: 4 (System error)
Setting debug_level = 7, at the end of the log, I see:
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[simple_resolve_group_check] (0x1000): The group is still non-POSIX
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[simple_resolve_group_done] (0x0040): Refresh failed
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[simple_check_get_groups_next] (0x0040): Could not resolve name of group
with GID 684028039
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[simple_access_check_done] (0x0040): Could not collect groups of user
testuser
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>)
[Success]
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[be_pam_handler_callback] (0x0100): Sending result [
4][MYDOMAIN.COM]
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]]
[be_pam_handler_callback] (0x0100): Sent result [
4][MYDOMAIN.COM]
Full log is available but I need to "sanitize" it.
Any help?
Thanks in advance
--
Mimmo