Learn more about these different git repos.
Other Git URLs
The logs should give better hints on what went wrong incase the user is denied access due to PAM service not being mapped to any GPO rule.
Here is feedback from user:
The issue is with the logging. The man page was fairly clear once I figured out what to look for. The standard error message gives absolutely no hint as to why access is denied:
The issue is with the logging. The man page was fairly clear once I figured out what to look for.
The standard error message gives absolutely no hint as to why access is denied:
Mar 8 15:13:51 ubuntu1604 pamtester: pam_sss(thinlinc:account): Access denied for user ossman: 6 (Permission denied)
The debug message at least says that it has to do with GPOs and services, but no clue beyond that:
(Thu Mar 8 15:13:51 2018) [sssd[be[lab.lkpg.cendio.se]]] [ad_gpo_access_send] (0x0400): service thinlinc maps to Denied
I would have preferred if the standard log message informed me that access was denied because the service thinlinc is not mapped to any GPO rule.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2
Metadata Update from @jhrozek: - Issue assigned to mzidek - Issue tagged with: PR
PR: https://github.com/SSSD/sssd/pull/593
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4684
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.