On Thu, May 17, 2018 at 08:22:27AM +0000, JOHE (John Hearns) wrote: > I recently posted to this list regarding a very slow response when getting > the groups for a user. > > The fix was to set > > ldap_schema = rfc2307bis > > > Now 'groups' and 'id' return very quickly. As an aside, is there an easy way > to tell if rfc30172 or rfc3072bis are in operation on a given AD domain? > > > The problem is now that my account cannot log in... My account is valid, and > I can do 'id johe' and 'getent passwd johe' where johe is my account name. I > just can't log in with my password. > > I am almost 100% sure my password is valid, as I can LDAP bind to the AD > controller and perform ldap searches. > > > Any help on debugging this issue is welcome. > > BTW my sAMAccountName is JOHE but I think this is not case sensitive, from > what I can see in the sssd logs.
Please have a look at https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html. In your case the most interesting log files would be sssd_pam.log and sssd_your.domain.name.log (and krb5_child.log if you use Kerberors authentication). To get the most details here add debug_level=9 to the [pam] and [domain/...] sections of sssd.conf. bye, Sumit > > > > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
