Thanks for that. I'll have a look at the patch and see how I get on.
I can't figure out how the GID is retrieved (can't see either of the groups that
were giving me grief refer to 1749812073) - if I can get some advice on where the GID is
retrieved I can get the SID for you.
[mailto:firstname.lastname@example.org] On Behalf Of Jakub Hrozek
Sent: 11 February 2015 17:14
Subject: Re: [SSSD-users] sssd not authentication with user in random groups
On Wed, Feb 11, 2015 at 03:37:13PM +0100, Lukas Slebodnik wrote:
On (11/02/15 13:39), Mullan, Allan wrote:
>The logs show the following:
>(Wed Feb 11 13:36:33 2015) [sssd[be[UK.CorpLAN.net]]]
>[simple_resolve_group_done] (0x0040): Refresh failed (Wed Feb 11
>13:36:33 2015) [sssd[be[UK.CorpLAN.net]]]
>[simple_check_get_groups_next] (0x0040): Could not resolve name of
>group with GID 1749812073 (Wed Feb 11 13:36:33 2015)
>[sssd[be[UK.CorpLAN.net]]] [simple_access_check_done] (0x0040): Could
>not collect groups of user testuseramm
>The secure log is displaying the following:
>Feb 11 13:38:40 uksn-test01 sshd: pam_sss(sshd:account):
> Access denied for user testuseramm: 4 (System error)
It means unexpected error in sssd. It should not happen => it's a bug.
Error code might be result of problem with resolving groups in log file.
We would need to see your sanitized configuration file and log file
with higher debug level.
BTW: you did not mention version of sssd.
This is a known bug in the simple access provider:
The fix for #2519 is a workaround around the issue which gets rid of the problem, but
doesn't fix the root cause.
It would be nice to see what SID does the group with GID 1749812073 map to and see what is
exactly the search that SSSD performs.
sssd-users mailing list