On 07/12/2017 04:36 PM, Jakub Hrozek wrote:
On Tue, Jul 11, 2017 at 07:22:41AM +0000, 程 波 wrote:
> 程 波 已与你共享 OneDrive 文件。若要查看,请单击下面的链接。
>
>
> <
https://1drv.ms/u/s!AnBXPe2fk7BFjDE6MV_iHeIJ6Xub>
>
[
https://r1.res.office365.com/owa/prem/images/dc-generic_20.png]<https:...
>
> sssd_mydomain.com.log<https://1drv.ms/u/s!AnBXPe2fk7BFjDE6MV_iHeIJ6Xub>
>
>
>
>
> the debug log attached.
From the debug logs:
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [gpo_cse_done] (0x0020):
ad_gpo_parse_gpo_child_response failed: [22][Invalid argument]
The above means that the GPO child response does not have expected
format. gpo_child.log (in the same directory as domain log) could
provide more info.
Michal
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_cse_done]
(0x0400): gpo_guid: {241B7E35-2AA1-4004-A82B-DA333FE6DC2C}
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_cse_done] (0x0040): Unable to
retrieve policy data: [22](Invalid argument}
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [ad_gpo_access_done] (0x0040):
GPO-based access control failed.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_done] (0x0400): DP Request
[PAM Account #3]: Request handler finished [0]: Success
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [_dp_req_recv] (0x0400): DP Request
[PAM Account #3]: Receiving request data.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_destructor] (0x0400): DP
Request [PAM Account #3]: Request removed.
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_req_destructor] (0x0400): Number
of active DP request: 0
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_method_enabled] (0x0400): Target
selinux is not configured
(Tue Jul 11 15:08:25 2017) [sssd[be[mydomain.com]]] [dp_pam_reply] (0x1000): DP Request
[PAM Account #3]: Sending result [
4][mydomain.com]
So there was some error during access control. If you are not using GPO
access control from your Windows domain, then you can disable the GPO
processing with:
ad_gpo_access_control = permissive
I don't know specifically what causes the error. Maybe Michal knows?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org