On (19/08/17 10:57), Lukas Slebodnik wrote: >I think it would be better to start from scratch: > >Please answer to following question: >Is your local password the same as kerberos password? > >And much simpler would be to test without gdm. > >Please open one console as *root* and run following command > sh# journalctl -f > my_journal_output.log > >Open another console as *ordinary user* and run following commands just with >you user: > > sh$ date > Sat Aug 19 10:41:36 CEST 2017 > > sh$ kdestroy -A > > # use kerberos password for test_user > sh$ su - test_user > Password: > > sh$ klist > Ticket cache: FILE:/tmp/ccache_gjwisq > Default principal: [email protected] > > Valid starting Expires Service principal > 08/19/2017 10:42:17 08/19/2017 20:42:17 krbtgt/[email protected] > > sh$ date > Sat Aug 19 10:42:21 CEST 2017 > > > >Then jump to the 1st terminal and stop command (ctrl-c). >+ run following command > sh# ps aux | grep ss[s] > root 29712 0.0 0.0 277304 9672 ? Ss Aug18 0:00 > /usr/sbin/sssd -i -f > root 29715 0.0 0.0 296268 13240 ? S Aug18 0:00 > /usr/libexec/sssd/sssd_be --domain files.example --uid 0 --gid 0 > --debug-to-files > root 29717 0.0 0.2 282388 33156 ? S Aug18 0:00 > /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files > root 29718 0.0 0.0 262040 8624 ? S Aug18 0:00 > /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files > > >And then attach sssd.conf, my_journal_output.log and sssd log files. >
BTW here is the most important part of my_journal_output.log on my system. Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
