69 lines
1.2 KiB
Markdown
69 lines
1.2 KiB
Markdown
# sssd Authentication
|
|
|
|
## Check Domain State
|
|
As `root` check what domains are configured:
|
|
```
|
|
# sssctl domain-list
|
|
D.PSI.CH
|
|
#
|
|
```
|
|
and then check their state:
|
|
```
|
|
# sssctl domain-status D.PSI.CH
|
|
Online status: Offline
|
|
|
|
Active servers:
|
|
AD Global Catalog: not connected
|
|
AD Domain Controller: dc01.D.PSI.CH
|
|
|
|
Discovered AD Global Catalog servers:
|
|
None so far.
|
|
Discovered AD Domain Controller servers:
|
|
- dc01.D.PSI.CH
|
|
- dc02.D.PSI.CH
|
|
- dc00.D.PSI.CH
|
|
|
|
#
|
|
```
|
|
|
|
## Check User State
|
|
```
|
|
# sssctl user-checks buchel_k
|
|
user: buchel_k
|
|
action: acct
|
|
service: system-auth
|
|
|
|
SSSD nss user lookup result:
|
|
- user name: buchel_k
|
|
- user id: 44951
|
|
- group id: 710
|
|
- gecos: Bucheli Konrad
|
|
- home directory: /home/buchel_k
|
|
- shell: /bin/bash
|
|
|
|
SSSD InfoPipe user lookup result:
|
|
- name: buchel_k
|
|
- uidNumber: 44951
|
|
- gidNumber: 710
|
|
- gecos: Bucheli Konrad
|
|
- homeDirectory: /afs/psi.ch/user/b/buchel_k
|
|
- loginShell: /bin/bash
|
|
|
|
testing pam_acct_mgmt
|
|
|
|
pam_acct_mgmt: Success
|
|
|
|
PAM Environment:
|
|
- no env -
|
|
#
|
|
```
|
|
|
|
## Extended Logging
|
|
|
|
To get more logging messages you may raise the log level to 6, either permanently in Hiera with key `aaa::sssd_debuglevel` or temporary on the host itself with
|
|
```
|
|
sssctl debug-level 6
|
|
```
|
|
|
|
The logs are located in `/etc/log/sssd/`
|