On Wed, Feb 11, 2015 at 01:20:10PM +0000, Mullan, Allan wrote: > Good afternoon, > > I've been playing around with sssd for a while not and it's been great but > I've just run into a really weird problem. If I have a user specified in the > 'simple_allow_users' configuration directive it works absolutely fine BUT > I've got (at least) 2 groups that, for some reason, if the user is a member > of these groups the account can't authenticate on my boxes. The groups that > I'm having problems with are nothing to do with any simple_allow_groups - > they're just normal AD security groups... > > Can someone please point me in the right direction on this one or let me know > how I can best find out why these groups are affecting sssd? I've been > trawling logs but can't seem to find anything obvious. > > Thanks, > Allan
Did you verify it's actually the pam account phase that's kicking you out? If yes, then increasing debug_level in the domain section is a good start. Do the groups show up in the "id" output for the groups? _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
