On Thu, May 23, 2019 at 12:04:45PM -0400, Jason Pleau wrote: > Hi. > > Some info: > > OS: Linux Mint 18 (Ubuntu 16.04) > > SSSD version: 1.13.4-1ubuntu1.13 (Downgraded from 1.13.4-1ubuntu1.14 > to test is their new update broke something) > > AD is on Windows Server (not sure which version). > > Everything was working fine until this morning, I'm not aware if > anything changed on the Windows server. > > Situation: > > If I try to login with an AD user: su [email protected] > > I see this in log (/var/log/auth.log) > > pam_sss(su:auth): authentication success; logname= uid=1005 euid=0 > tty=/dev/pts/2 ruser=myuser rhost= [email protected] > > But the shell just hangs there for about 45 seconds and then spits out > "su: Authentication service cannot retrieve authentication info" > > I noticed everytime I try this a new line appears in > /var/log/sssd/sssd_nss.log: > > (Thu May 23 12:02:14 2019) [sssd[nss]] [id_callback] (0x0010): The > Monitor returned an error [org.freedesktop.DBus.Error.NoReply] > > if I try a wrong password I immediately get an authentication failure. > > Any ideas on what I could try to fix this?
Hi, looks like the access control step runs into a timeout most probably because some servers are not reachable. Which access_provider are you using in sssd.conf? You can set the debug_level option in the [domain/...] section of sssd.conf to get more details in the logs after restarting SSSD. I would start with e.g '5', '9' is the highest level. See also https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html for more details. bye, Sumit > > Thanks. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
