"(in addition to any included in installed backends)" That list is just the internal special providers. The "installed backends" are those for "ldap" and "kerberos".
What do you see in /var/log/secure when doing that authentication that fails? Is it showing just pam_sss.so:auth or is it also getting to pam_sss.so:acct? If it's just doing 'auth', then the result 'invalid password' is probably just coming back from Active Directory. One more thing to try: As a user who has been set "change password on next login", perform a kinit at the command line (with 'kinit user@REALM'. See if that user is prompted to change his/her password there, or if it's simply refused. If it's refused, then the problem is with Active Directory. (If it's not returning KRB5KDC_ERR_KEY_EXP, then we can't tell the user they need to change the password). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/915386 Title: SSSD/AD 2008 and Password Change To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/915386/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
