On (21/11/16 11:38), Longina Przybyszewska wrote:
No, it is not a typo, 'alongina' is my local account - sorry , I should cut it off from the log ;(
Domain user is longina@n.c.domain
As I wrote in previous mail. I cannot see any problem in logs with authentication for this user.
I use following option to turn off gpo : .... ad_gpo_access_control = permissive
That shoudl be enough.
pam_public_domains = all
This option does not have any effect unless you changed pam stack configuration and you use "domains=" together with pam_sss.so
selinux_provider = none
ad doesnot have selinux_provider. So this line didn't change anything.
....
Is it not enough?
LS