I went through doc earlier. I can change the access_provider to permit and it works but when set to "ad" I get a system error. I can run "id" and "getent" and everything works fine. In the sssd_pam.log I get this "[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]" when I try to "su". I have turn debug all the way up and sssd.log is showing all successes. The domain sssd log has quite a few errors. Most are probably not relevant. The one it looks to have died on is
[netlogon_get_domain_info] (0x0080): No netlogon site name data available. [ad_master_domain_netlogon_done] (0x0400): Found flat name [domain]. [ad_master_domain_netlogon_done] (0x0400): Found site [(null)]. [ad_master_domain_netlogon_done] (0x0400): Found forest [domain.org]. [ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain info [ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such file or directory) [sdap_id_op_destroy] (0x4000): releasing operation connection [ad_gpo_access_done] (0x0040): GPO-based access control failed. I remember something in the log but couldn't find again, it said something about the home folder not able to be created but it was created when I ran with "permitted" On Mon, Jul 29, 2019 at 12:18 PM Lukas Slebodnik <lsleb...@redhat.com> wrote: > On (29/07/19 12:10), Sherman Lilly wrote: > >I am getting an System Error message when I try to su to an user. I am > >using Ubuntu 18.04 and version 1.16.1-1ubuntu1.3 > > > >Jul 29 11:55:17 su[8658]: pam_sss(su:auth): authentication success; > >logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=**** rhost= user=***** > >Jul 29 11:55:17 su[8658]: pam_sss(su:account): Access denied for user > >*****: 4 (System error) > >Jul 29 11:55:17 su[8658]: pam_acct_mgmt: System error > >Jul 29 11:55:17 su[8658]: FAILED su for ***** by ***** > > The pamm error code 4 (System error) usually means unhandled "exception" in > sssd. There should be more context in sssd log files. > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html > > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting-authentication-password-change-and-access-control > > LS > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
