On Wed, Oct 09, 2019 at 04:09:39PM -0000, keven jones wrote: > In order to ssh using AD account i had to comment out this line in > password-auth: > > password-auth-ac:account [default=bad success=ok user_unknown=ignore] > pam_sss.so > > prior to doing so i was getting this error in /etc/log/secure: > > pam_sss(sshd:account): Access denied for user : 4 (system error) > > and my ssh session immediately terminated. has anyone else seen this and know > why pam_sss.so is upset?
Hi, there are some error while SSSD tries to determine if the user is allowed to log in or not. To find out what is wrong please add debug_level=9 to the [pam] and [domain/...] sections of /etc/sssd/sssd.conf, restart SSSD, try to log in again and check the sssd_pam.log and sssd_DOMAIN.NAME.log file for errors. Search for 'SSS_PAM_ACCT_MGMT' in the logs, that's the place where the access control checks start or send them. bye, Sumit > > thx! > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
