Linux VDA: Ubuntu VDA fails to launch when SSSD is used.

Linux VDA: Ubuntu VDA fails to launch when SSSD is used.

book

Article ID: CTX238490

calendar_today

Updated On:

Description

  • Linux VDA fails to launch with "Invalid login" error.
  • The issue is seen only with Ubuntu VDAs and not in RHEL VDA in the same environment. 
  • /var/log/auth.log in the VDA displays following error 
Sep 26 23:54:27 XXXXX citrix-ctxlogin[31602]: pam_sss(ctxhdx:account): Access denied for user XXXX\YYYY: 6 (Permission denied)


 

 

Resolution

Add the following config line to the corresponding domain's [domain/DomainName] section of /etc/sssd/sssd.conf  

ad_gpo_access_control = permissive



 

Problem Cause

By default ad_gpo_access_control is in enforcing mode in Ubuntu. Therefore if GPO-based access control denies user access then User login will fail. 
 

Issue/Introduction

Users fails to login to Ubuntu LVDA when SSSD is used. The authentication fails with the following error in /var/log/auth.log Sep 26 23:54:27 XXXXX citrix-ctxlogin[31602]: pam_sss(ctxhdx:account): Access denied for user XXXX\YYYY: 6 (Permission denied)
Powered by Wolken Software