Description of problem: If an AD account has a password exceeding 126 characters, it is unable to log in using a smart card. Version-Release number of selected component (if applicable): sssd-2.7.3-4.el8_7.3.x86_64 How reproducible: Customer is able to reproduce it, I am having trouble though configuring a repro in the lab. Steps to Reproduce: 1. Configured AD to use smart card logins and an associated RHEL machine. 2. Create AD account with a password in excess of 126 chracters. 3. Try logging in with a smart card on RHEL. Actual results: Login fails. Expected results: Login succeeds. Additional info:
Hi, as long as you cannot reproduce it, would it be possible to ask the customer for SSSD logs with 'debug_level = 9' in the [pam] and [domain/...] sections covering a failed login attempt? bye, Sumit