On 04/11/2013 09:10 AM, Stephen Gallagher wrote:
Ok, that definitely is showing where the problem lies. This strongly suggests to me that you have a user in your LDAP with the same name as on your local system. What's most likely happening is that the initgroups() call internally is walking through and processing all of the potential groups that username belongs to. Can you check whether getent -s sss passwd<localuser> Returns anything? If it does, you have an overlap and should probably resolve it on one side or the other.
Hmm, that command returns nothing on either system. And it still leaves the question of why pam_unix.so isn't catching the local account before pam_sss.so is invoked at all.
/Harry
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users