On Fri, Sep 08, 2017 at 07:26:03AM -0000, Sam Weston wrote: > Hi Lukas, > > Sorry for the lack of detail. I was hoping I'd just done something stupid in > the config. I've put it on debug level 6. > > For a successful login (with the network cable connected): > sssd_pam.log: > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client > connected to privileged pipe! > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): > Received client version [3]. > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): > Offered version [3]. > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering > pam_cmd_acct_mgmt > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): > name 'sweston' matched without domain, user is sweston > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): command: > SSS_PAM_ACCT_MGMT
Is this really the first message in the logs you see for the login attempt? SSS_PAM_ACCT_MGMT is the access control step after a successful authentication. There should be a SSS_PAM_AUTHENTICATE step before because during this step the password is validated and cached. If there is no SSS_PAM_AUTHENTICATE the password is validate by a different pam module. Please check the system logs which pam module might be used here. Are there by chance pam_winbind or pam_krb5 in the pam configuration for gdm-password? bye, Sumit > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not > set > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: > sweston > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): service: > gdm-password > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: > /dev/tty1 > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not > set > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not > set > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok > type: 0 > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok > type: 0 > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: > 6687 > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: > sweston > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_send] (0x0400): CR #1: New > request 'Initgroups by name' > (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_process_input] (0x0400): CR > #1: Parsing input name [sweston] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
