Hi,
I'm trying to authenticate with active-directory users (Windows Server 2008 R2) on my
Ubuntu 16.04 workstation.
I used the steps in "SSSD and Active Directory" from the Ubuntu documentation.
Adding the computer-account to active-directory worked.
Running id <active-directory-user> also returns the correct active-directory-groups
the user is in.
But I can't login with active-directory-user.
content of /var/log/auth.log:
pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1
ruser= rhost= user=<active-directory-user>
pam_sss(login:account): Access denied for user<active-directory-user>: 4 (System
error)
output of "service sssd status":
sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
Active: active (running) since Mo 2016-07-25 12:47:37 CEST; 35min ago
Process: 1913 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS) Main PID:
2088 (sssd)
CGroup: /system.slice/sssd.service
├─2088 /usr/sbin/sssd -D -f
├─2092 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain DOMAIN.LOCAL --uid 0
--gid 0 --debug-to-files
├─2131 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0
--debug-to-files
└─2132 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0 --gid 0
--debug-to-files
Jul 25 12:49:21 ubuntu16 sssd_be[2092]: GSSAPI client step 1
Thank you very much for any help.
Best Regards
Frank
Show replies by date