According to man sssd-ad, the default configuration of sssd should allow cron
jobs to be run:
---
ad_gpo_map_batch (string)
A comma-separated list of PAM service names for which GPO-based
access control is evaluated based on the BatchLogonRight and
DenyBatchLogonRight policy settings.
Note: Using the Group Policy Management Editor this value is
called "Allow log on as a batch job" and "Deny log on as a batch job".
It is possible to add another PAM service name to the default set by
using “+service_name” or to explicitly remove a PAM service name from the
default set by using “-service_name”. For example, in order to replace a
default PAM
service name for this logon right (e.g. “crond”) with a custom pam
service name (e.g. “my_pam_service”), you would use the following
configuration:
ad_gpo_map_batch = +my_pam_service, -crond
Default: the default set of PAM service names includes:
· crond
---
Could it be that the service name in Ubuntu differs from the configured
service name (crond).
>From the log:
Feb 8 10:40:01 host CRON[10308]: pam_sss(cron:account): Access denied for user
someone: 6 (Permission denied)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1572908
Title:
sssd-ad pam_sss(cron:account): Access denied for user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1572908/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
