https://bugzilla.redhat.com/show_bug.cgi?id=2168743
--- Comment #11 from Chris Miller cjm@tryx.org --- Hi Folks,
Sorry about the above post. It is confused in a detail. "ad_gpo_ignore_unreadable" has no relevance to anything; the setting that determines successful login is "access_provider = ad".
I have not attached the log, because it doesn't show anything we don't already know.
Here is the detail that may be important. From my Fedora workstation, I have been able to logon to the domain with "#access_provider = ad", in spite of "[RID#4] Error (5) on line 16: Equal sign is missing." and I cannot log on to the domain with "access_provider = ad". Notice comment delimiter.
Today, nobody (non-administrators) can log on to the domain from anywhere, most importantly their Windows desktop workstations; the failure is "The sign-in method you're trying to use is not allowed. Please contact network administrator."
Thanks for the help,
Chris.