SSSD Login Fails After Patch

asked 2015-12-02 13:11:51 -0500

John D Giotta gravatar image

updated 2015-12-03 08:37:42 -0500

I recently updated a Fedora 22 workstation and SSSD logins began to fail.

Logs look good until sss_send_pac fails. Oddly the principal user is getting the domain added twice. For example:


I'm not sure what debuggin steps to take at this point. Joining the realm and performing ldapsearch commands are all successful.

Authentication is provided by an Active Directory system on a larger Windows-based network.

When I step up logging output in sssd.conf to level 10 I can review the krb5_child.log. I find the following failure in the log:

(Thu Dec 3 09:22:36 2015) [[sssd[krb5_child[2158]]]] [sss_send_pac] (0x0040): sss_pac_make_request failed [-1][2]

(Thu Dec 3 09:22:36 2015) [[sssd[krb5_child[2158]]]] [validate_tgt] (0x0040): sss_send_pac failed, group membership for user with principal [jgiotta\@magic.local@magic.local] might not be correct.

When this occurs I believe login fails, but terminal only says "System error" at login. At this moment, I'm essentially locked out of my profile and can only access via root.

edit retag flag offensive close merge delete


Which files did you patch? You should probably stick to the code in the distro packages instead of patching code yourself.

randomuser gravatar imagerandomuser ( 2015-12-03 08:22:18 -0500 )edit

@randomuser excuse me, when I say "patched" my referring to a distro provided update.

John D Giotta gravatar imageJohn D Giotta ( 2015-12-03 08:36:28 -0500 )edit

Okay, sorry for the mixup.

randomuser gravatar imagerandomuser ( 2015-12-04 00:45:26 -0500 )edit