Hi, on a Red hat 7.1 machine with latest updates, sssd/realmd authentication against AD works until I try to use simple_allow_groups, when access is denied for all with this error:
pam_sss(sshd:account): Access denied for user testuser: 4 (System error)
Setting debug_level = 7, at the end of the log, I see:
(Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [simple_resolve_group_check] (0x1000): The group is still non-POSIX (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [simple_resolve_group_done] (0x0040): Refresh failed (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [simple_check_get_groups_next] (0x0040): Could not resolve name of group with GID 684028039 (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [simple_access_check_done] (0x0040): Could not collect groups of user testuser (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success] (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [be_pam_handler_callback] (0x0100): Sending result [4][MYDOMAIN.COM] (Mon Mar 16 16:57:52 2015) [sssd[be[CERVEDGROUP.COM]]] [be_pam_handler_callback] (0x0100): Sent result [4][MYDOMAIN.COM]
Full log is available but I need to "sanitize" it.
Any help? Thanks in advance -- Mimmo