This sounds like a bug, could you follow
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html, gather logs from
the pam and domain sections and post them here? If the password is expired,
then pam_sss should send a message to the login manager which the login manager
The logs would at least show if the deamon is sending the message to pam_sss…
> On 21 Dec 2017, at 09:39, Johan Vermeulen via FreeIPA-users
> <firstname.lastname@example.org> wrote:
> Hello All,
> We run some 200 Centos7/Mate laptops, since last year they authenticate
> against freeipa.
> Lightdm/Mate are installed using epel repo.
> On Centos7.3/Lightdm 1.10.6-4.el7 things were al right, when a password
> expired, users would get the passwd expired field, the "new password" field
> en warnings if the made a mistake.
> Since upgrading to Centos7.4/Lightdm 1.25.0-1.el7 things go terribly wrong.
> Users very often get no warning if a password expired, just an authentication
> Or they get no message at all.
> If at that point you got to tty....and log in you do get the warnings on the
> command line.
> The log files /var/log/secure also give clear password expired messages, only
> the user sees nothing.
> This is a big problem because users cannot login and cannot work without
> Many thanks for any help.
> Greetings, J.
> FreeIPA-users mailing list -- email@example.com
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org