On Thu, May 17, 2018 at 08:22:27AM +0000, JOHE (John Hearns) wrote:
> I recently posted to this list regarding a very slow response when getting 
> the groups for a user.
> 
> The fix was to set
> 
> ldap_schema = rfc2307bis
> 
> 
> Now 'groups' and 'id' return very quickly.  As an aside, is there an easy way 
> to tell if rfc30172 or rfc3072bis are in operation on a given AD domain?
> 
> 
> The problem is now that my account cannot log in... My account is valid, and 
> I can do 'id johe' and 'getent passwd johe' where johe is my account name. I 
> just can't log in with my password.
> 
> I am almost 100% sure my password is valid, as I can LDAP bind to the AD 
> controller and perform ldap searches.
> 
> 
> Any help on debugging this issue is welcome.
> 
> BTW my sAMAccountName is JOHE  but I think this is not case sensitive, from 
> what I can see in the sssd logs.

Please have a look at
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html.

In your case the most interesting log files would be sssd_pam.log and
sssd_your.domain.name.log (and krb5_child.log if you use Kerberors
authentication). To get the most details here add debug_level=9 to the
[pam] and [domain/...] sections of sssd.conf.

bye,
Sumit

> 
> 
> 
> 

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to