On Thu, Nov 06, 2014 at 05:08:35PM +0100, Joschi Brauchle wrote: > On 11/06/2014 09:02 AM, Lukas Slebodnik wrote: > >On (06/11/14 08:35), Joschi Brauchle wrote: > >>Hello, > >> > >>trying to log into Xdm on a box with SSSD 1.12.1 with sssd-ad configured and > >>a *wrong* passwort results in a "A critical error occured" dialog box, see > >>attached screenshot. > >> > >>This looks very much like SSSD is returning the wrong exit code to PAM (i.e. > >>PAM_SYSTEM_ERR instead of PAM_AUTH_ERR like here: > >>https://bugzilla.novell.com/show_bug.cgi?id=779246 for the case of empty > >>passwords) > >> > >PAM_SYSTEM_ERR could be returned from sssd in case of problems with GPO. > >By default is GPO in permissive mode, but if rules cannot be downloaded (or > >any > >other problem with GPO) sssd will returned PAM_SYSTEM_ERR. (which was wrong) > > > >The problem is fixed in 1.12.2, but I would need to see sssd log files to be > >sure you have the same issue. > > > >LS > > I updated the machine to 1.12.2 and tested with > > 1) ad_gpo_access_control = permissive (i.e. default) > 2) ad_gpo_access_control = false > > but the problem persists when entering a wrong password. > > I will send log files with debug_level=9 off-list as I dont want them in the > list archive... > > J Brauchle >
Thank you for the logs! This thread sounds a bit similar and also you reminded me to take a look into it again as we're changing the krb5_child code anyway: https://patchwork.acksyn.org/patch/7382/ _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
