On 04/02/2013 06:04 PM, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 09:39:19PM +0000, Sutton, Harry (GSSE) wrote:Yes, sorry, I should have confirmed that./HarryOK, then what does /var/log/secure have to say? Do you see pam_sss contacted at all? If so, is anything interesting in /var/log/sssd/*.log ? I use cached authentication all the time here (roaming laptop) w/o any problems, so I rather suspect some configuration issue. We just need to get to the root of the cause :) _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Thanks for sticking with me on this, Jakub ;-)Okay, here are the pertinent lines from /var/log/secure from an unsuccessful login attempt when the laptop was not connected to the network:
Apr 3 07:41:52 tobyws gdm-launch-environment][1322]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0) Apr 3 07:42:07 tobyws polkitd[968]: Registered Authentication Agent for unix-session:1 (system bus name :1.60 [gnome-shell --mode=gdm], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Apr 3 07:42:36 tobyws gdm-password][1651]: pam_unix(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=suttonh Apr 3 07:42:36 tobyws gdm-password][1651]: pam_sss(gdm-password:auth): authentication failure; logname=(unknown) uid=0 euid=0 tty=:0 ruser= rhost= user=suttonh Apr 3 07:42:36 tobyws gdm-password][1651]: pam_sss(gdm-password:auth): received for user suttonh: 9 (Authentication service cannot retrieve authentication info) Apr 3 07:42:36 tobyws gdm-password][1651]: pam_krb5[1651]: authentication fails for 'suttonh' ([email protected]): Authentication service cannot retrieve authentication info (Cannot resolve network address for KDC in requested realm) Here's my sssd.conf file: [sssd] services = nss, pam config_file_version = 2 domains = AMERICAS.CPQCORP.NET debug_level = 0x3780 [domain/AMERICAS.CPQCORP.NET] id_provider = ad fallback_homedir = /home/%u cache_credentials = true debug_level = 0x3780 [nss] debug_level = 0x3780 [pam] debug_level = 0x3780I can provide krb5.conf, smb.conf, and any other configuration or log files you might want to see out of band.
/Harry
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
