On (04/12/15 10:00), Edouard Guigné wrote:
Hello,
I am also using sssd with other linux like Scientifc Linux 6.5
On this linux, sssd is 1.12.4, I set "ad_gpo_access_control = disabled"
in order to not get "Warning: user would have been denied GPO-based logon access if
the ad_gpo_access_control option were set to enforcing mode." in /var/log/secure
If I set "ad_gpo_access_control = permissive", I still get this warning. In
others red-hat clone linux, what will be the correct configuration if sssd is upgrade in
1.13.2 ?
Why on fed 22, users cannot login if I set "ad_gpo_access_control = disabled",
and can login if I set "ad_gpo_access_control = permissive"
In fed 23, users can login with both "ad_gpo_access_control = disabled" and
"ad_gpo_access_control = permissive".
Fedora 22 and fedora 23 has the same
version of sssd.
So the issue might be caused by different configuration, different users ...
and maybe not related to GPO.
Could you provide logfiles from problematic machine with
"ad_gpo_access_control = disabled"?
LS