SSSD: Login failing with error "User account has expired".

Solution Verified - Updated -

Issue

  • SSSD: Login failing with error User account has expired.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_pam_handler] (0x0100): Got request with the following data
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): domain: EXAMPLE.COM
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): user: 6693
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): service: sshd
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): tty: ssh
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): ruser:
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): rhost: client1.example.com
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): authtok type: 1
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): priv: 1
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): cli_pid: 16569
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [pam_print_data] (0x0100): logon name: not set
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_queue_send] (0x1000): Wait queue of user [6693] is empty, running request [0x7f2f68a799a0] immediately.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_setup] (0x4000): No mapping for: 6693
.
.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_send] (0x0100): Home directory for user [6693] not known.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user [6693] found.
.
.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_resolve_server_process] (0x0200): Found address for server server1.example.com: [192.168.2.2] TTL 1200
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://server1.example.com'
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://server1.example.com'
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [sss_krb5_realm_has_proxy] (0x0040): profile_get_values failed.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [16572]
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_handler_setup] (0x2000): Signal handler set up for pid [16572]
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [write_pipe_handler] (0x0400): All data has been sent!
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_sig_handler] (0x1000): Waiting for child [16572].
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [child_sig_handler] (0x0100): child [16572] finished successfully.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [read_pipe_handler] (0x0400): EOF received, client finished
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [check_wait_queue] (0x1000): Wait queue for user [6693] is empty.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f2f68a799a0] done.
(Tue Oct  4 15:50:22 2016) [sssd[be[EXAMPLE.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 13, ) [Success (User account has expired)]

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Active Directory
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In