On Thu, Nov 20, 2014 at 01:46:29AM -0800, Karim wrote: > Hi Team, > i have two forests both working fine in terms of authentication. > I added a user to sudoers from one of the domains and he is getting access > denied. > the user is able to login with no problem, sudo is not working. > in the secure log it shows "account is expired" > > in the SSSD logs it shows error > "attempting to kinit for realm xxxxxx" then > "clients credentials has been revoked" > > i checked the account and it is not expired nor locked. > additionally: I have another account on the same forest which i used to join > to the domain and it is working fine on both authentication and sudoers. > > I also tried ldap_user_principal = no suchattribute and > krb5_use_enterprise_principal = false > but the problem remains. > > what could be the reason behind being able to access and later getting > clients credential revoked for sudoes? > > Thanks > >
I suspect sssd just logged you in offline. Can you run kinit from the command line? _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
