On (16/01/15 07:23), Chris Price wrote: > >Jakub, > >I have two unprivileged accounts configured on this test AD domain I am >using, 'test1' and 'test2'. > >test1's 'unix attributes' tab in AD is set to : uid 10000, gid is 10000 >test2's 'unix attributes' tab in AD is set to : uid 10001, gid is 10000 > >tested scenarios: > >1) Login via ssh with test1 account and run 'su -' or 'su - root' and >supplying the root password when prompted the commands fail with 'incorrect >password'. >2) Login via ssh with test2 account and run 'su -' or 'su - root' and >supplying the root password when prompted the commands fail with 'incorrect >password'. root is not handled by sssd. Are you sure you are using right password? If you are using right password then problem will probably not be in sssd.
>3)Login via ssh with test1 and run 'su - test2' and supply the test2 password >when prompted the command fails with 'incorrect password'. >4) Login via ssh with test2 and run 'su - test1' and supply the test1 >password when prompted the command fails with 'incorrect password' > Did you change file /etc/pam.d/su-l ? Could you attach that file? Is there something interesting in syslog and sssd log files? LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
