On (05/04/19 21:47), Mike Hughes wrote: >I used realm join and experienced one successful graphical login but then >updated the system to the latest version and now cannot login. I can su to the >account, run id user on the account so AD lookups seem to be working, but >getent passwd returns only local accounts (not sure if that’s a symptom of a >problem or not). > >This is what I see in journalctl: > >journalctl -q _TRANSPORT=audit | grep "mike\"" >Apr 05 11:53:41 my-hostname.internal.domain.com audit[3352]: USER_AUTH >pid=3352 uid=0 auid=4294967295 ses=4294967295 >subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication >grantors=pam_succeed_if,pam_succeed_if,pam_sss,pam_gnome_keyring acct="mike" >exe="/usr/libexec/gdm-session-worker" hostname=my-hostname.internal.domain.com >addr=? terminal=/dev/tty1 res=success' >Apr 05 11:53:41 my-hostname.internal.domain.com audit[3352]: USER_ACCT >pid=3352 uid=0 auid=4294967295 ses=4294967295 >subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=? >acct="mike" exe="/usr/libexec/gdm-session-worker" >hostname=my-hostname.internal.domain.com addr=? terminal=/dev/tty1 res=failed' >
Access control failed here. You should find more info in sssd.log files after increasing debug_level in domain section of ssd.conf https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting-general-authentication-problems LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
