It does appear to be GPO access, from the gpo_child.log (getting a tarball up
somewhere to download also).
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400):
gpo_child started.
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): context
initialized
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [unpack_buffer] (0x0400):
cached_gpt_version: 327788
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400):
performing smb operations
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]]
[copy_smb_file_to_gpo_cache] (0x0400): smb_uri:
smb://dc2.internal.example.domain/sysvol/internal.example.domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]]
[copy_smb_file_to_gpo_cache] (0x0020): smbc_getFunctionOpen failed [2][No such
file or directory]
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [perform_smb_operations]
(0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory]
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020):
perform_smb_operations failed.[2][No such file or directory].
(Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0020):
gpo_child failed!
--
Brenden
> On Mar 1, 2017, at 02:30, Sumit Bose <[email protected]> wrote:
>
> On Tue, Feb 28, 2017 at 09:23:47PM +0100, Jakub Hrozek wrote:
>> On Tue, Feb 28, 2017 at 01:05:19PM -0600, Brenden Morgenthaler wrote:
>>> We have multiple linux servers configured with SSSD/realmd for
>>> authentication to Active Directory. The systems are configured without
>>> winbind so using Kerberos to authenticate to the domain. Once SMBv1 was
>>> disabled on the domain controller none of the machines could authenticate
>>> users. Any idea on why this would happen when we should be configured for
>>> kerberos authentication?
>>
>> No idea, the authentication uses, as you said, Kerberos. Did you already
>> look into SSSD debug logs?
>
> It might be related to reading the GPO files for access control, please
> check the system logs which PAM step (auth, acct) failed. As Jakub said
> SSSD debug logs will have more details as well, please see
> https://fedorahosted.org/sssd/wiki/Troubleshooting for details.
>
> HTH
>
> bye,
> Sumit
>
>> _______________________________________________
>> sssd-users mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
