SSSD: Login failing with error "User account has expired".

Solution Verified - Updated -

Issue

  • SSSD: Login failing with error User account has expired.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): domain: EXAMPLE.COM
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): user: 6693
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): service: sshd
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): tty: ssh
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): ruser:
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): rhost: client1.example.com
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): priv: 1
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): cli_pid: 16569
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): logon name: not set
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_queue_send] (0x1000): Wait queue of user [6693] is empty, running request [0x7f2f68a799a0] immediately.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_setup] (0x4000): No mapping for: 6693
.
.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_send] (0x0100): Home directory for user [6693] not known.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user [6693] found.
.
.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_resolve_server_process] (0x0200): Found address for server server1.example.com: [192.168.2.2] TTL 1200
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://server1.example.com'
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://server1.example.com'
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [sss_krb5_realm_has_proxy] (0x0040): profile_get_values failed.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [16572]
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_handler_setup] (0x2000): Signal handler set up for pid [16572]
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_sig_handler] (0x1000): Waiting for child [16572].
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_sig_handler] (0x0100): child [16572] finished successfully.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [check_wait_queue] (0x1000): Wait queue for user [6693] is empty.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f2f68a799a0] done.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 13, ) [Success (User account has expired)]

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Active Directory
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.