We found out it has to do with GPO. With ad_gpo_access_control = enforcing
we get failures (system error 4 with no indication in the logs it was GPO in any way). ad_gpo_access_control = permissive and all is well. I’ll open a ticket with Canonical. From: Andreas Hasenack [mailto:andr...@canonical.com] Sent: Monday, December 18, 2017 2:48 PM To: End-user discussions about the System Security Services Daemon <sssd-users@lists.fedorahosted.org> Subject: [SSSD-users] Re: Ubuntu Xenial failures EXTERNAL MAIL: sssd-users-boun...@lists.fedorahosted.org<mailto:sssd-users-boun...@lists.fedorahosted.org> You should file a bug in Ubuntu, specially if downgrading to the previous package fixes the problem for you. On Dec 18, 2017 18:10, "Jay McCanta" <j.mcca...@f5.com<mailto:j.mcca...@f5.com>> wrote: After an update to Ubuntu Xenial, sssd_pam always fails with a system error(4) error. Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.11.129 user=mccanta Dec 18 20:07:22 sv5cismfgcr01 sshd[27263]: pam_sss(sshd:account): Access denied for user mccanta: 4 (System error) I have debug_level 10 logs I can send. Didn't want to post thos to the mailing list. Jay _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org<mailto:sssd-users-le...@lists.fedorahosted.org>
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org