Server Fault is a question and answer site for system and network administrators. It only takes a minute to sign up.
Sign up to join this community
I have installed Linux Mint 18.1 Cinnamon, join in to AD domain (using sssd). I can make su to ad user, and i can login to console with ad users.
But when i try logon to GUI, i have message "the system administrator has disabled access to the system temporarily".
What do i miss?
You didn't post your sssd.conf, so I'm going to assume -- are you using id_provider=ad? If yes, then chances are quite high that it's the GPO access control preventing access. You can temporarily work around this by setting the GPO access control to permissive by setting:
ad_gpo_access_control = permissive
in sssd.conf's domain section. You can also add the mdm service to GPO.
But if all the above helps, what would be even better is to file a bug upstream to allow the mdm service by default if it's something Cinnamon or Mint use by default. Or at least make the default list configurable so that the Mint maintainer can add their preferred login manager to the default permitted list.
I was the same problem.
The blocking point is the new feature name gpo to restricte some user to some computer.
In /etc/sssd/ssd.conf, a add this in the section [domain/mydomain.myext]
ad_gpo_access_control = disabled
Sorry, i never try this solution
