I went through doc earlier. I can change the access_provider to permit and
it works but when set to "ad" I get a system error. I can run "id"
and
"getent" and everything works fine. In the sssd_pam.log I get this
"[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an
error [org.freedesktop.sssd.Error.DataProvider.Offline]" when I try to
"su". I have turn debug all the way up and sssd.log is showing all
successes. The domain sssd log has quite a few errors. Most are probably
not relevant. The one it looks to have died on is
[netlogon_get_domain_info] (0x0080): No netlogon site name data available.
[ad_master_domain_netlogon_done] (0x0400): Found flat name [domain].
[ad_master_domain_netlogon_done] (0x0400): Found site [(null)].
[ad_master_domain_netlogon_done] (0x0400): Found forest [
domain.org].
[ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain
info
[ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such
file or directory)
[sdap_id_op_destroy] (0x4000): releasing operation connection
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
I remember something in the log but couldn't find again, it said something
about the home folder not able to be created but it was created when I ran
with "permitted"
On Mon, Jul 29, 2019 at 12:18 PM Lukas Slebodnik <lslebodn(a)redhat.com>
wrote:
On (29/07/19 12:10), Sherman Lilly wrote:
>I am getting an System Error message when I try to su to an user. I am
>using Ubuntu 18.04 and version 1.16.1-1ubuntu1.3
>
>Jul 29 11:55:17 su[8658]: pam_sss(su:auth): authentication success;
>logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=**** rhost= user=*****
>Jul 29 11:55:17 su[8658]: pam_sss(su:account): Access denied for user
>*****: 4 (System error)
>Jul 29 11:55:17 su[8658]: pam_acct_mgmt: System error
>Jul 29 11:55:17 su[8658]: FAILED su for ***** by *****
The pamm error code 4 (System error) usually means unhandled "exception" in
sssd. There should be more context in sssd log files.
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshoot...
LS
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...