Hi Jakub,

Thanks for looking into the issue. Please find the details you
requested below.

1. ipa idoverrideuser-show "Default Trust View" supratik.gosw...@ad.corp.example.com
  Anchor to override: supratik.gosw...@ad.corp.example.com
  Login shell: /bin/bash
  SSH public key: ssh-rsa

AAAAB3NzaC1yc2EAAAADAQABAAABAQDzeYIANc6N/96ko+cxz3aZVvGnttWjA8+939hb2eWFfM+2SKhVJylU0GPrHpKDRuE2letQxdPE+jI4gabiM3p0x7BeuxDPrPtQ5CoOK9JmYrEuom89p6UPs9tZCtx2glWSybeSENtPLj9pxfZN7dJvYtrGwSrgYHNtJ9dyEVN34ho1ZEsw3ARJW0sV4ccBJNuKEeswotCvWJag9L4yBQf7mUEJpKAcKfrPocP4BC1PiTQ5mgtykcd88dakd0zATpVS99t+JABH95MhXt4kKYgLg1wiqg8NKxz5Nkn9k1BGxM9NNZ3lA0zrijJVcwdsRDvl6rFyXUCHXaDJZR5Pehdv
                  supratik@Supratiks-MacBook-Pro.local

2. ipa idoverrideuser-show "Default Trust View" supratik.gosw...@ad.corp.example.com --all --raw
  dn:
ipaanchoruuid=:SID:S-1-5-21-3704658179-702631923-1581593159-1129,cn=Default
Trust View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com
  ipaanchoruuid: :SID:S-1-5-21-3704658179-702631923-1581593159-1129
  loginshell: /bin/bash
  ipasshpubkey:
  ipaoriginaluid: supratik.gosw...@ad.corp.example.com
  objectClass: ipaOverrideAnchor
  objectClass: top
  objectClass: ipaUserOverride
  objectClass: ipasshuser
  objectClass: ipaSshGroupOfPubKeys
  sshpubkeyfp: 1A:6E:50:EC:5C:DD:9F:80:39:B2:81:C3:49:61:73:67
supratik@Supratiks-MacBook-Pro.local (ssh-rsa)


3. date; sss_ssh_authorizedkeys supratik.gos...@ad.corp.example.com; date
Wed Aug  9 13:58:13 UTC 2017
Error looking up public keys
Wed Aug  9 13:58:13 UTC 2017



(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x23ff770
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Wed Aug  9 13:58:12 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x2420ca0
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_get_account_info] (0x0200): Got request for
[0x1][1][name=supratik.goswai]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_req_set_domain] (0x0400): Changing request domain from
[ipa.corp.example.com]
to [ad.corp.example.com]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): dbus conn: 0x23ff770
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit




On Wed, Aug 9, 2017 at 6:43 PM, Jakub Hrozek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

>
> On 9 Aug 2017, at 14:37, Supratik Goswami via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Can someone please help me to figure out the issue?
>
> Please let me know if any other information is required
>
>
> Describing how you set up the idview and providing SSSD logs is a good
> start.
>
> - idoverrideuser-show "Default Trust View" supratik.gos...@ad.corp.example.com
> - the same with --all --raw
> - enable sssd logs on the client
> - run: date; sss_ssh_authorizedkeys supratik.gos...@ad.corp.example.com; date
> - attach the sssd logs
>
> On Wed, Aug 9, 2017 at 9:54 AM, Supratik Goswami <supratiksek...@gmail.com
> > wrote:
>
>> (Wed Aug  9 04:20:14 2017) [sssd[be[ipa.corp.example.com]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [(&(objectClass=ipaUserOverride)(uid=supratik.goswami))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=ipa,dc=corp,dc=example,dc=com]
>>
>> What I could see here is that it is searching as 'supratik.goswami' and
>> not 'supratik.gos...@ad.corp.example.com' which is the ID View user in
>> the IPA.
>>
>> How do I fix this?
>>
>> On Wed, Aug 9, 2017 at 8:53 AM, Supratik Goswami <supratiksekhar@gmail.
>> com> wrote:
>>
>>> Hello everyone,
>>>
>>> I have a trust set up between AD and IPA. I have created a user in the
>>> "Default Trust View" and
>>> updated the SSH public keys for that user.
>>>
>>> When I try to log in to any Linux system using the AD user, it is
>>> not able to find the keys.
>>>
>>> Here is the sshd debug log.
>>>
>>> Aug  9 03:04:01 host01 sshd[20102]: debug3: Running
>>> AuthorizedKeysCommand: "/usr/bin/sss_ssh_authorizedkeys
>>> supratik.gosw...@ad.corp.example.com" as "nobody"
>>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>>> Aug  9 03:04:01 host01 sshd[20102]: debug1: temporarily_use_uid: 99/99
>>> (e=0/0)
>>> Aug  9 03:04:01 host01 sshd[20106]: debug3:
>>> sshd_selinux_setup_variables: setting execution context
>>> Aug  9 03:04:01 host01 sshd[20102]: debug2: key not found
>>> Aug  9 03:04:01 host01 sshd[20102]: debug1: restore_uid: 0/0
>>>
>>> My sshd_config file has the following entries
>>>
>>> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
>>> AuthorizedKeysCommandUser nobody
>>>
>>> What could be the issue?
>>>
>>>
>>> Thanks
>>>
>>> --
>>> Warm Regards
>>>
>>> Supratik
>>>
>>
>>
>>
>> --
>> Warm Regards
>>
>> Supratik
>>
>
>
>
> --
> Warm Regards
>
> Supratik
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


-- 
Warm Regards

Supratik
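
The backend log in item 3 above is hard-wrapped by the mail client, which makes the request and its result easy to miss. As an added example (not part of the original message and not SSSD code), the Python below rejoins wrapped entries and pairs each `be_get_account_info` request with the `be_req_set_domain` and `acctinfo_callback` lines that follow it. The sample log, the user name `user1` and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format shown in item 3, including mail line wraps.
SAMPLE_LOG = """\
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_get_account_info] (0x0200): Got request for
[0x1][1][name=user1]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[be_req_set_domain] (0x0400): Changing request domain from
[ipa.corp.example.com]
to [ad.corp.example.com]
(Wed Aug  9 13:58:13 2017) [sssd[be[ipa.corp.example.com]]]
[acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
(Wed Aug  9 13:58:22 2017) [sssd[be[ipa.corp.example.com]]] [sbus_dispatch]
(0x4000): Dispatching.
"""

ENTRY_START = re.compile(r"^\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) ")
REQUEST = re.compile(r"\[be_get_account_info\].*Got request for "
                     r"\[(0x[0-9a-fA-F]+)\]\[(\d+)\]\[([^\]]*)\]")
DOMAIN = re.compile(r"\[be_req_set_domain\].*from \[([^\]]+)\] to \[([^\]]+)\]")
RESULT = re.compile(r"\[acctinfo_callback\].*Returned (\d+),(\d+),(.*)$")

def unwrap(text):
    """Rejoin wrapped continuation lines into one string per log entry."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # anything else continues the last one
    return entries

def lookups(text):
    """Pair each account request with the domain switch and result after it."""
    found, current = [], None
    for entry in unwrap(text):
        if m := REQUEST.search(entry):
            current = {"filter": m.group(3), "domain": None,
                       "codes": None, "message": None}
            found.append(current)
        elif current and (m := DOMAIN.search(entry)):
            current["domain"] = m.group(2)
        elif current and (m := RESULT.search(entry)):
            # Two numeric codes and a status string, kept exactly as logged.
            current["codes"] = (int(m.group(1)), int(m.group(2)))
            current["message"] = m.group(3).strip()
            current = None
    return found
```

Calling `lookups()` on the full contents of the domain log gives one record per lookup, so the name the backend was asked for and the status it returned can be read side by side.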