According to man sssd-ad, the default configuration of sssd should allow cron jobs to be run:
--- ad_gpo_map_batch (string)
A comma-separated list of PAM service names for which GPO-based access control is evaluated based on the BatchLogonRight and DenyBatchLogonRight policy settings.
Note: Using the Group Policy Management Editor this value is called "Allow log on as a batch job" and "Deny log on as a batch job".
It is possible to add another PAM service name to the default set by using “+service_name” or to explicitly remove a PAM service name from the default set by using “-service_name”. For example, in order to replace a default PAM
service name for this logon right (e.g. “crond”) with a custom pam service name (e.g. “my_pam_service”), you would use the following configuration:
ad_gpo_map_batch = +my_pam_service, -crond
Default: the default set of PAM service names includes:
· crond
---
Could it be that the service name in Ubuntu differs from the configured service name (crond).
From the log:
Feb 8 10:40:01 host CRON[10308]: pam_sss(cron:account): Access denied for user someone: 6 (Permission denied)
According to man sssd-ad, the default configuration of sssd should allow cron jobs to be run:
ad_gpo_ map_batch (string)
---
A comma-separated list of PAM service names for which GPO-based access control is evaluated based on the BatchLogonRight and DenyBatchLogonRight policy settings.
Note: Using the Group Policy Management Editor this value is called "Allow log on as a batch job" and "Deny log on as a batch job".
It is possible to add another PAM service name to the default set by using “+service_name” or to explicitly remove a PAM service name from the default set by using “-service_name”. For example, in order to replace a default PAM
service name for this logon right (e.g. “crond”) with a custom pam service name (e.g. “my_pam_service”), you would use the following configuration:
Default: the default set of PAM service names includes:
· crond
---
Could it be that the service name in Ubuntu differs from the configured service name (crond).
From the log: cron:account) : Access denied for user someone: 6 (Permission denied)
Feb 8 10:40:01 host CRON[10308]: pam_sss(