before getting the log , I've set sss_debuglevel=9.
I got the info from https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html :
and "System Error (4) also be found from my logs"
---
I’m receiving System Error (4) in the authentication logs
* System Error is an “Unhandled Exception” during authentication. It can either be an SSSD bug or a fatal error during authentication. Either way, please bring up your issue on the sssd-users mailing listhttps://lists.fedorahosted.org/admin/lists/sssd-users.lists.fedorahosted.org/
---
Debugging and troubleshooting SSSD — SSSD documentationhttps://docs.pagure.org/SSSD.sssd/users/troubleshooting.html docs.pagure.org SSSD debug logs¶ Each process that SSSD consists of is represented by a section in the sssd.conf config file. To enable debugging persistently across SSSD service ...
________________________________ 发件人: Striker Leggette striker@terranforge.com 发送时间: 2017年7月10日 21:05 收件人: sssd-users@lists.fedorahosted.org 主题: [SSSD-users] Re: The Direct Integration between SSSD and Active Directory , Access Control via GPO, logon to server failed uncertain
You will need to add 'debug_level = 9' within the [domain/mydomain.com] section of sssd, restart sssd and then provide the logs from /var/log/sssd/sssd_mydomain.com.log for the block of time when this happened:
On 07/10/2017 06:12 AM, 程 波 wrote: Jul 10 17:37:47 MyIssueMachine sshd[42400]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.150.15 user=MyUser@mydomain.commailto:user=MyUser@mydomain.com Jul 10 17:37:47 MyIssueMachine sshd[42400]: pam_sss(sshd:account): Access denied for user MyUser@mydomain.commailto:MyUser@mydomain.com: 4 (System error) Jul 10 17:37:47 MyIssueMachine sshd[42400]: Failed password for MyUser@mydomain.commailto:MyUser@mydomain.com from 192.168.150.15 port 51594 ssh2 Jul 10 17:37:47 MyIssueMachine sshd[42400]: fatal: Access denied for user MyUser@mydomain.commailto:MyUser@mydomain.com by PAM account configuration [preauth]