On Tue, Mar 17, 2015 at 12:08:50PM +0100, Domenico Viggiani wrote: > Hi, > on a Red hat 7.1 machine with latest updates, sssd/realmd authentication > against AD works until I try to use simple_allow_groups, when access is > denied for all with this error: > > pam_sss(sshd:account): Access denied for user testuser: 4 (System error) > > Setting debug_level = 7, at the end of the log, I see: > > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [simple_resolve_group_check] (0x1000): The group is still non-POSIX > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [simple_resolve_group_done] (0x0040): Refresh failed > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [simple_check_get_groups_next] (0x0040): Could not resolve name of group > with GID 684028039 > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [simple_access_check_done] (0x0040): Could not collect groups of user > testuser > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) > [Success] > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [be_pam_handler_callback] (0x0100): Sending result [4][MYDOMAIN.COM] > (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] > [be_pam_handler_callback] (0x0100): Sent result [4][MYDOMAIN.COM] > > Full log is available but I need to "sanitize" it. > > Any help? > Thanks in advance
I thought we solved this bug by ignoring the failures..Pavel, is your patch in 7.1 ? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
