On Thu, May 23, 2019 at 12:04:45PM -0400, Jason Pleau wrote:
Hi.
Some info:
OS: Linux Mint 18 (Ubuntu 16.04)
SSSD version: 1.13.4-1ubuntu1.13 (Downgraded from 1.13.4-1ubuntu1.14
to test is their new update broke something)
AD is on Windows Server (not sure which version).
Everything was working fine until this morning, I'm not aware if
anything changed on the Windows server.
Situation:
If I try to login with an AD user: su myuser(a)domain.com
I see this in log (/var/log/auth.log)
pam_sss(su:auth): authentication success; logname= uid=1005 euid=0
tty=/dev/pts/2 ruser=myuser rhost= user=myuser(a)domain.com
But the shell just hangs there for about 45 seconds and then spits out
"su: Authentication service cannot retrieve authentication info"
I noticed everytime I try this a new line appears in /var/log/sssd/sssd_nss.log:
(Thu May 23 12:02:14 2019) [sssd[nss]] [id_callback] (0x0010): The
Monitor returned an error [org.freedesktop.DBus.Error.NoReply]
if I try a wrong password I immediately get an authentication failure.
Any ideas on what I could try to fix this?
Hi,
looks like the access control step runs into a timeout most probably
because some servers are not reachable.
Which access_provider are you using in sssd.conf?
You can set the debug_level option in the [domain/...] section of
sssd.conf to get more details in the logs after restarting SSSD. I would
start with e.g '5', '9' is the highest level. See also
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html for more
details.
bye,
Sumit
>
> Thanks.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...