Learn more about these different git repos.
Other Git URLs
Version of sssd used is sssd-1.10.0-7.fc20.beta1
# ssh -l user05 localhost <== A password-less auth(public key in ssh/authorized_keys) Connection closed by ::1
sssd.conf domain section has:
[domain/AD] id_provider = ldap ldap_uri = ldaps://adserver.example.com ldap_tls_cacert = /etc/openldap/certs/ad_cert.pem ldap_schema = ad ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com ldap_default_authtok = XXXXX ldap_search_base = dc=example,dc=com ldap_force_upper_case_realm = True access_provider = ldap ldap_access_order = expire ldap_account_expire_policy=ad ldap_referrals = false
/var/log/secure shows:
May 24 08:52:31 dhcp207-114 sshd[8403]: pam_sss(sshd:account): system info: [The user account is expired on the AD server] May 24 08:52:31 dhcp207-114 sshd[8403]: pam_sss(sshd:account): Access denied for user user05: 4 (System error) May 24 08:52:31 dhcp207-114 sshd[8403]: fatal: Access denied for user user05 by PAM account configuration [preauth]
domain log shows:
(Fri May 24 08:52:31 2013) [sssd[be[AD]]] [be_pam_handler] (0x0100): Got request with the following data (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): domain: AD (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): user: user05 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): service: sshd (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): tty: ssh (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): ruser: (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): rhost: localhost (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): authtok type: 0 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): newauthtok type: 0 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): priv: 1 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [pam_print_data] (0x0100): cli_pid: 8403 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_access_send] (0x0400): Performing access check for user [user05] (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0xb817a260 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0xb817a2c0 (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [ldb] (0x4000): Destroying timer event 0xb817a2c0 "ltdb_timeout" (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [ldb] (0x4000): Ending timer event 0xb817a260 "ltdb_callback" (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_account_expired_ad] (0x0400): Performing AD access check for user [user05] (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_account_expired_ad] (0x4000): User account control for user [user05] is [200]. (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_account_expired_ad] (0x4000): Expiration time for user [user05] is [129465018000000000]. (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_account_expired] (0x0020): sdap_account_expired_ad failed. (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [sdap_access_done] (0x0020): Error retrieving access check result. (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [be_pam_handler_callback] (0x0100): Sending result [4][AD] (Fri May 24 08:52:31 2013) [sssd[be[AD]]] [be_pam_handler_callback] (0x0100): Sent result [4][AD]
Might be a dup of #1827. Jakub will investigate.
Not a duplicate, this is a new bug.
changelog: => priority: major => critical
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.10.0
rhbz: => 0
owner: somebody => pbrezina status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
Metadata Update from @kaushikub: - Issue assigned to pbrezina - Issue set to the milestone: SSSD 1.10.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2995
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.