Hi,
Sorry i have a hard time explaining exactly what the problem is in technical terms since
I'm not sure what they are called.
Essentially, when I power on a machine there is the initial login screen that you are
prompted with in ubuntu. If a user has never logged onto a particular machine it
doesn't allow them. However, if i have already ssh'd to that machine (via
another machine) with the user account, then if i try and do the initial login then it
works. Once the user logs in once, i can always login afterwards.
Does that make sense?
Thomas
________________________________________
From: Jakub Hrozek <jhrozek(a)redhat.com>
Sent: Wednesday, December 14, 2016 4:47 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: logging into machine with AD credentials for the first time
On Wed, Dec 14, 2016 at 08:55:15PM +0000, Thomas Beaudry wrote:
Hi Everyone,
i have been able to get sssd to work so i can login with my AD credentials to a
workstation and through ssh, however I am running into a problem. Whenever a new user
tries to login to a ubuntu workstation for the first time it doesn't allow them. I am
guessing the login screen doesn't contact the windows AD to check credentials (so
maybe sssd hasn't been started yet). I currently have sssd managing the following
services: pam, ssh, autofs, and nss. The workaround that I have found is to ssh to
that machine from another machine with the AD credentials that I would like to use, and
then when I reset the machine i am able to use those credentials at the login screen. Is
there a better way?
Do I get it correctly that you can't login through a graphical login
manager but you can login with the same user with ssh and then you can
login with the gui manager as well?
I'm not sure I can answer without seeing some logs but the things I
would look for would be:
- is pam_sss contacted at all when you log in with the gui login
manager?
- what kind of error does pam_sss return if you log in with the gui
manager?
- what is in sssd logs in that case?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org