Hi Jakub, Thanks for that. I'll have a look at the patch and see how I get on.
I can't figure out how the GID is retrieved (can't see either of the groups that were giving me grief refer to 1749812073) - if I can get some advice on where the GID is retrieved I can get the SID for you. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jakub Hrozek Sent: 11 February 2015 17:14 To: [email protected] Subject: Re: [SSSD-users] sssd not authentication with user in random groups On Wed, Feb 11, 2015 at 03:37:13PM +0100, Lukas Slebodnik wrote: > On (11/02/15 13:39), Mullan, Allan wrote: > >The logs show the following: > > > >(Wed Feb 11 13:36:33 2015) [sssd[be[UK.CorpLAN.net]]] > >[simple_resolve_group_done] (0x0040): Refresh failed (Wed Feb 11 > >13:36:33 2015) [sssd[be[UK.CorpLAN.net]]] > >[simple_check_get_groups_next] (0x0040): Could not resolve name of > >group with GID 1749812073 (Wed Feb 11 13:36:33 2015) > >[sssd[be[UK.CorpLAN.net]]] [simple_access_check_done] (0x0040): Could > >not collect groups of user testuseramm > > > >The secure log is displaying the following: > > > >Feb 11 13:38:40 uksn-test01 sshd[25114]: pam_sss(sshd:account): > > Access denied for user testuseramm: 4 (System error) > ^^^^^^^^^^^^^^^ > It means unexpected error in sssd. It should not happen => it's a bug. > Error code might be result of problem with resolving groups in log file. > > We would need to see your sanitized configuration file and log file > with higher debug level. > > BTW: you did not mention version of sssd. This is a known bug in the simple access provider: https://fedorahosted.org/sssd/ticket/2519 The fix for #2519 is a workaround around the issue which gets rid of the problem, but doesn't fix the root cause. It would be nice to see what SID does the group with GID 1749812073 map to and see what is exactly the search that SSSD performs. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
