On Fri, Sep 08, 2017 at 07:26:03AM -0000, Sam Weston wrote:
> Hi Lukas,
> Sorry for the lack of detail. I was hoping I'd just done something stupid in the
> config. I've put it on debug level 6.
> For a successful login (with the network cable connected):
> sssd_pam.log:
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'sweston' matched without domain, user is sweston
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
Is this really the first message in the logs you see for the
login attempt?
SSS_PAM_ACCT_MGMT is the access control step after a successful
authentication. There should be an SSS_PAM_AUTHENTICATE step before
because during this step the password is validated and cached.
If there is no SSS_PAM_AUTHENTICATE the password is validated by a
different pam module. Please check the system logs which pam module
might be used here. Are there by chance pam_winbind or pam_krb5 in the
pam configuration for gdm-password?
bye,
Sumit
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: sweston
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): service: gdm-password
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/tty1
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6687
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: sweston
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_send] (0x0400): CR #1: New request 'Initgroups by name'
> (Fri Sep 8 08:12:15 2017) [sssd[pam]] [cache_req_process_input] (0x0400): CR #1: Parsing input name [sweston]
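
The check suggested in the reply above, as an added example that is not part of the thread or of SSSD: it scans sssd_pam.log lines for SSS_PAM_ACCT_MGMT requests that had no preceding SSS_PAM_AUTHENTICATE, which means SSSD never saw (and never cached) the password. It assumes the unwrapped log format shown in the thread and pairs requests on (user, service); the function names and sample lines are constructed for illustration.

```python
import re

# One sssd_pam.log debug line: (timestamp) [sssd[pam]] [function] (level): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]*)\) \[sssd\[pam\]\] \[(?P<func>\w+)\] \(0x[0-9a-f]+\): (?P<msg>.*)$")

def pam_requests(lines):
    """Yield one dict per pam_print_data block (command, user, service, ...)."""
    current = None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("func") != "pam_print_data":
            continue
        key, _, value = m.group("msg").partition(":")
        if key.strip() == "command":      # "command:" opens a new request block
            if current:
                yield current
            current = {"ts": m.group("ts")}
        if current is not None:
            current[key.strip()] = value.strip()
    if current:
        yield current

def acct_mgmt_without_auth(lines):
    """Return ACCT_MGMT requests with no earlier SSS_PAM_AUTHENTICATE.
    Assumption: pairing is by (user, service); each auth is consumed once."""
    pending, findings = set(), []
    for req in pam_requests(lines):
        who = (req.get("user"), req.get("service"))
        if req["command"] == "SSS_PAM_AUTHENTICATE":
            pending.add(who)
        elif req["command"] == "SSS_PAM_ACCT_MGMT":
            if who in pending:
                pending.discard(who)
            else:
                findings.append({"ts": req["ts"], "user": who[0], "service": who[1]})
    return findings

# Constructed sample in the thread's log format (not the poster's real log).
def _block(ts, command, user, service):
    return [f"({ts}) [sssd[pam]] [pam_print_data] (0x0100): {k}: {v}"
            for k, v in (("command", command), ("user", user), ("service", service))]

SAMPLE = (_block("Fri Sep 8 08:00:01 2017", "SSS_PAM_AUTHENTICATE", "alice", "sshd")
          + _block("Fri Sep 8 08:00:02 2017", "SSS_PAM_ACCT_MGMT", "alice", "sshd")
          + _block("Fri Sep 8 08:12:15 2017", "SSS_PAM_ACCT_MGMT", "sweston", "gdm-password"))

if __name__ == "__main__":
    print(acct_mgmt_without_auth(SAMPLE))
```

Services that authenticate outside PAM, such as sshd with public keys, also produce ACCT_MGMT without AUTHENTICATE, so a finding matters most for a password login service like gdm-password.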