[SSSD-users] Re: [SSSD-users]��: Re: The Direct Integration between SSSD and Active Directory , Access Control via GPO, logon to server failed uncertain

12 Jul 2017


      On Tue, Jul 11, 2017 at 07:22:41AM +0000, 程 波 wrote:
...
程 波 已与你共享 OneDrive 文件。若要查看，请单击下面的链接。
https://1drv.ms/u/s!AnBXPe2fk7BFjDE6MV_iHeIJ6Xub
[https://r1.res.office365.com/owa/prem/images/dc-generic_20.png]https://1drv.ms/u/s!AnBXPe2fk7BFjDE6MV_iHeIJ6Xub
sssd_mydomain.com.loghttps://1drv.ms/u/s!AnBXPe2fk7BFjDE6MV_iHeIJ6Xub
the debug log attached.
From the debug logs:
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [gpo_cse_done] (0x0020): ad_gpo_parse_gpo_child_response failed: [22][Invalid argument]
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {241B7E35-2AA1-4004-A82B-DA333FE6DC2C}
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_cse_done] (0x0040): Unable to retrieve policy data: [22](Invalid argument}
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_access_done] (0x0040): GPO-based access control failed.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_done] (0x0400): DP Request [PAM Account #3]: Request handler finished [0]: Success
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [_dp_req_recv] (0x0400): DP Request [PAM Account #3]: Receiving request data.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_destructor] (0x0400): DP Request [PAM Account #3]: Request removed.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_method_enabled] (0x0400): Target selinux is not configured
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_pam_reply] (0x1000): DP Request [PAM Account #3]: Sending result [4][mydomain.com]
So there was some error during access control. If you are not using GPO
access control from your Windows domain, then you can disable the GPO
processing with:
    ad_gpo_access_control = permissive
I don't know specifically what causes the error. Maybe Michal knows?

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[SSSD-users] Re: [SSSD-users]��: Re: The Direct Integration between SSSD and Active Directory , Access Control via GPO, logon to server failed uncertain

[SSSD-users] Re: [SSSD-users]����: Re: The Direct Integration between SSSD and Active Directory , Access Control via GPO, logon to server failed uncertain

[SSSD-users] Re: [SSSD-users]��: Re: The Direct Integration between SSSD and Active Directory , Access Control via GPO, logon to server failed uncertain