After access over sssd has been working quite well for months today 3 of my 4 client kubuntu-machines stopped giving access, and I have no clue why. Rejoining them to ad doesn’t help this time.
/var/log/auth.log just says:
Hello, and thanks for your answer. Meanwhile another person had popped up with the same problem, and it seems to be related to ubuntu updates causing the problem:
I’ve followed that solution and it works so far, but don’t know if this has any drawbacks…
That workaround is telling sssd to always allow access.
sssd troubleshooting states this:
I’m receiving Access denied for user $user: 6 (Permission denied)
Authentication went fine, but the user was denied access to the client machine. You can temporarily disable access control with setting access_provider=permit temporarily. Don’t forget to reset the access provider to a stricter setting after finding out the root cause!
Looks interesting, but hard to find PBIS on their page / site (beyondtrust.com).
It also looks like PBIS-Open is missing the most interesting part: GP (Group Policy) integration, which is only available in the (paid for) enterprise edition.
I’m always careful with such “open source” offers which have “Enterprise” options - simply with Open-Source, it would not be possible to make an enterprise version without resorting to a BLOB or something similiar… And a lot of such offers are often only eye catchers, and are dropped after a year or two.
If I can get AD to work using pure open source / samba, I do prefer that, even if it’s a mite more work.
Agreed! I will try that other way and see what changes lol!
I never used GP in a Linux Enviroment… A.D. for me its only for user logon with linux stations. I did not even know that some GP was possible with linux.