Hello all,
I am having a very annoying problem with SSSD and AD:
I have a lab with 5 Ubuntu 16.04 LTS Desktop clients that I configured to authenticate with the University's Active Directory.
SSSD is configured with Samba and Kerberos 5.
All was working well when we used Ubuntu 14.04.
The Problem:
If one of the students never logged in before, or was away for more than a week - LightDM claims the password is incorrect - even if we know for sure it is correct.
We have two Active Directory domains, sometimes the same user succeeds in logging in, other times - not...
I am guessing it has to do with the credential cache (GPO Cache?)
1. Is there a way to check which domains SSSD authenticates against, not read it from the local configuration?
2. Is there a command to manually force an enumeration - I mean, refresh the cache from the AD to enable a student to log in at that given time?
This problem has been bugging me for more than a month! It is really frustrating...
Thanks!
Amichai.
On (28/01/18 10:19), Amichai Rotman wrote:
> Hello all,
> I am having a very annoying problem with SSSD and AD:
> I have a lab with 5 Ubuntu 16.04 LTS Desktop clients that I configured to authenticate with the University's Active Directory.
> SSSD is configured with Samba and Kerberos 5.
> All was working well when we used Ubuntu 14.04.
> The Problem:
> If one of the students never logged in before, or was away for more than a week - LightDM claims the password is incorrect - even if we know for sure it is correct.

I would recommend checking the log files based on our troubleshooting page https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting...
> We have two Active Directory domains, sometimes the same user succeeds in logging in, other times - not...
> I am guessing it has to do with the credential cache (GPO Cache?)
> - Is there a way to check which domains SSSD authenticates against, not read it from the local configuration?

Not easily with the version which is in Ubuntu 16.04 LTS.
You might check the LDAP connection between sssd and the LDAP server with the following command:
    lsof -i TCP | grep sssd_be
LS
sssd-users@lists.fedorahosted.org
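
Added example (not part of the original thread): a shell filter for the `lsof` check suggested in the reply, listing which remote servers and ports each `sssd_be` process is connected to. The function names, host names and sample `lsof` output are constructed for illustration; `-P` is assumed so that ports print numerically.

```shell
#!/bin/sh
# Added example, not from the thread. Filters `lsof -i TCP -P` output (stdin)
# down to the remote peers of sssd_be: "<host> <port> <service> <state>".
sssd_peers() {
    awk '
        $1 == "sssd_be" && $(NF-1) ~ /->/ {
            split($(NF-1), ends, "->")        # NAME column is local->remote
            remote = ends[2]
            n = split(remote, parts, ":")     # text after the last ":" is the port
            port = parts[n]
            host = substr(remote, 1, length(remote) - length(port) - 1)
            svc = "other"
            if (port == "389")  svc = "ldap"
            if (port == "636")  svc = "ldaps"
            if (port == "3268") svc = "global-catalog"
            if (port == "88")   svc = "kerberos"
            state = $NF
            gsub(/[()]/, "", state)           # "(ESTABLISHED)" -> "ESTABLISHED"
            print host, port, svc, state
        }' | sort -u
}

# Constructed sample output; host names, PIDs and ports are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sssd_be  912 root   21u  IPv4  30211      0t0  TCP lab-pc1.example.edu:48210->dc1.ad1.example.edu:389 (ESTABLISHED)
sssd_be  913 root   19u  IPv4  30544      0t0  TCP lab-pc1.example.edu:51876->dc2.ad2.example.edu:3268 (ESTABLISHED)
sshd     700 root    3u  IPv4  20111      0t0  TCP *:22 (LISTEN)
EOF
}

# Demo on the sample; on a real client run: lsof -i TCP -P | sssd_peers
sample_lsof | sssd_peers
```

With two AD domains configured, comparing the listed hosts across a working and a failing login shows whether both domains' servers are actually being reached.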