On (28/01/18 10:19), Amichai Rotman wrote:
I am having a very annoying problem with SSSD and AD:
I have a lab with 5 Ubuntu 16.04 LTS Desktops clients that I configured to authenticate
with the University's Active Directory.
SSSD is configured with Samba and Kerberos 5.
All was working well when we used Ubuntu 14.04.
If one of the students never logged in before, or was away for more than a week - LightDM
claims the password is incorrect - even if we know for sure it is correct.
I would recommend to check log files based on out troubleshooting page
We have two Active Directory domains, sometimes the same user succeeds
in logging in, other times - not...
I am guessing it has to do with the credential cache (GPO Cache?)
1. Is there a way to check which domains SSSD authenticates against, not read it from
the local configuration?
Not easily with version which is in Ubuntu 16.04 LTS.
You might check ldap connection between sssd and LDAP server with following
lsof -i TCP | grep sssd_be