Thankyou Sumit. I am increasing the log level and am looking at the logs as a login attempt is made.
I am sure there is something simple I need to adjust here. ________________________________ From: Sumit Bose <sb...@redhat.com> Sent: 17 May 2018 10:35:09 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: Help with AD password On Thu, May 17, 2018 at 08:22:27AM +0000, JOHE (John Hearns) wrote: > I recently posted to this list regarding a very slow response when getting > the groups for a user. > > The fix was to set > > ldap_schema = rfc2307bis > > > Now 'groups' and 'id' return very quickly. As an aside, is there an easy way > to tell if rfc30172 or rfc3072bis are in operation on a given AD domain? > > > The problem is now that my account cannot log in... My account is valid, and > I can do 'id johe' and 'getent passwd johe' where johe is my account name. I > just can't log in with my password. > > I am almost 100% sure my password is valid, as I can LDAP bind to the AD > controller and perform ldap searches. > > > Any help on debugging this issue is welcome. > > BTW my sAMAccountName is JOHE but I think this is not case sensitive, from > what I can see in the sssd logs. Please have a look at https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.pagure.org%2FSSSD.sssd%2Fusers%2Ftroubleshooting.html&data=01%7C01%7Cjohe%40novozymes.com%7Ca5aa5f9ffd85454921f908d5bbd1211f%7C43d5f49ee03a4d22a2285684196bb001%7C0&sdata=EuZ72a8oJKi9%2FtbmzHpP7aDdc7bGV3%2FNsBLdLaN5HvE%3D&reserved=0. In your case the most interesting log files would be sssd_pam.log and sssd_your.domain.name.log (and krb5_child.log if you use Kerberors authentication). To get the most details here add debug_level=9 to the [pam] and [domain/...] sections of sssd.conf. bye, Sumit > > > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org