Thanks for helping me out.
It works in the console. When an expired user logs in via ctl-alt-f.... he
gets all the warnings.
I will try to increase pam verbosity and report back.
2018-01-08 14:59 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>:
> On Mon, Jan 08, 2018 at 11:27:47AM +0100, Johan Vermeulen wrote:
> > Hello All,
> > I've set up a new machine for this test and increased the log levels to
> > Config for FreeIPA-client is done with ipa-client-install, I use chrony
> > instead of ntp and SELinux is enabled.
> > When the user logs in, /var/log/secure indicates:
> > [root@node1 ~]# tail -f /var/log/secure
> > Jan 5 09:27:17 node1 lightdm: pam_sss(lightdm:auth): received for user
> > jvanvlasselaer: 7 (Authentication failure)
> > Jan 5 09:27:29 node1 lightdm: pam_sss(lightdm:auth): authentication
> > failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=jvanvlasselaer
> > Jan 5 09:27:29 node1 lightdm: pam_sss(lightdm:auth): received for user
> > jvanvlasselaer: 12 (Authentication token is no longer valid; new one
> > required)
> > Jan 5 09:27:29 node1 lightdm: pam_sss(lightdm:account): User info
> > Password expired. Change your password now.
> > Jan 5 09:27:29 node1 lightdm: pam_unix(lightdm:chauthtok): user
> > "jvanvlasselaer" does not exist in /etc/passwd
> > But the lightdm gui screen indicates nothing.
> > (Fri Jan 5 09:27:29 2018) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> > received: [12 (Authenticatietoken is niet langer geldig; nieuwe is
> > vereist)][network.cawdekempen.be]
> > (Fri Jan 5 09:27:29 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> > called with result : Authenticatietoken is niet langer geldig; nieuwe
> > is vereist.
> > (Fri Jan 5 09:27:29 2018) [sssd[pam]] [filter_responses] (0x0100):
> > [pam_response_filter] not available, not fatal.
> > (Fri Jan 5 09:27:29 2018) [sssd[pam]] [pam_reply] (0x0200): blen: 39
> Here I at least see that the message did reach the sssd_pam process and I
> don't see anything that would indicate that the message was filtered out
> (OTOH, the debugging is not stellar in this area of code..)
> I've never used lightdm, did you maybe test with some other login
> method, like login to the console or su from another non-root user?
> Does it help to increase pam_verbosity in the [pam] section (see man
> sssd.conf for a description)?