24 May
2025
24 May
'25
11:40 a.m.
deloptes via tde-users wrote:
this is from sssd domain log ... no idea for now, but will look tomorrow. If someone knows better, is welcome
Configuration hint: PAM service 'tdm-trinity' is not mapped to any Group Policy rule. If you plan to use this PAM service it is recommended to use the ad_gpo_map_* family of options to map this PAM service to a Group Policy rule. PAM services not present in any map will fall back to value set in ad_gpo_default_right, which is currently set to Denied (see manual pages 'man sssd-ad' for more details).
Amazing! Googles Gemini helped me solve the issue: add in /etc/sssd/sssd.conf under [domain/DOMAIN.SMTH] ... ad_gpo_map_interactive = +tdm-trinity
I may write a how to for the wiki