If you search the cache with ldbsearch -H /var/lib/sss/db/cache_domain.ldb, does the user have the pubkey attribute?

> On 8 Aug 2018, at 11:02, Peter Viskup via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
> On a Debian 9 client the sss_ssh_authorizedkeys command returns an empty
> list. But the ipauser has an SSH key in its IPA profile, set up via the web UI.
> The debug log does not point to any error:
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [get_client_cred] (0x4000): Client creds: euid[65534] egid[65534] pid[11834].
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [get_client_cred] (0x0080): The following failure is expected to happen in case SELinux is disabled:
> SELINUX_getpeercon failed [92][Protocol not available].
> Please, consider enabling SELinux in your system.
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [setup_client_idle_timer] (0x4000): Idle timer re-set for client [0x56353b9b65a0][18]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [accept_fd_handler] (0x0400): Client connected!
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received client version [0].
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered version [0].
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Requested domain [DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Parsing name [ipauser][DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): name 'ipauser' matched without domain, user is ipauser
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): using default domain [DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400): Requesting SSH user public keys for [ipauser] from [DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_dp_issue_request] (0x0400): Issuing request for [0x56353a7ea5f0:1:ipauser@DOMAIN@DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_dp_get_account_msg] (0x0400): Creating request for [DOMAIN][0x1][BE_REQ_USER][name=ipauser@DOMAIN:-]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sbus_add_timeout] (0x2000): 0x56353b9b8fc0
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_dp_internal_get_send] (0x0400): Entering request [0x56353a7ea5f0:1:ipauser@DOMAIN@DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sbus_remove_timeout] (0x2000): 0x56353b9b8fc0
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0x56353b9af060
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ssh_user_pubkeys_search_next] (0x0400): Requesting SSH user public keys for [ipauser@DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x56353b9bdcd0
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x56353b9bdd90
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Running timer event 0x56353b9bdcd0 "ltdb_callback"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 0x56353b9bdd90 "ltdb_timeout"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Ending timer event 0x56353b9bdcd0 "ltdb_callback"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x56353b9b90e0
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x56353b9b98e0
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Running timer event 0x56353b9b90e0 "ltdb_callback"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 0x56353b9b98e0 "ltdb_timeout"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [ldb] (0x4000): Ending timer event 0x56353b9b90e0 "ltdb_callback"
>
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x56353a7ea5f0:1:ipauser@DOMAIN@DOMAIN]
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [client_recv] (0x0200): Client disconnected!
> (Wed Aug 8 10:54:01 2018) [sssd[ssh]] [client_close_fn] (0x2000): Terminated client [0x56353b9b65a0][18]
>
> What could be the root cause?
>
> --
> Peter
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/WGE63YYFIHYZNI3YJBCPC52F3WXZHT5Z/
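
One way to answer the question in the reply above from a saved ldbsearch dump, as an added example that is not part of the original thread: the script parses the LDIF output (including folded lines and base64 `::` values) and lists the records that carry no public key. The attribute name sshPublicKey, the record layout in SAMPLE and the function names are assumptions.

```python
import base64

# Assumption: SSSD caches SSH public keys under this attribute (lower-cased here).
PUBKEY_ATTR = "sshpublickey"

# Constructed sample of ldbsearch output; the key value is a dummy placeholder.
SAMPLE = """\
# record 1
dn: name=ipauser@domain,cn=users,cn=domain,cn=sysdb
name: ipauser@domain
uidNumber: 10001

# record 2
dn: name=other@domain,cn=users,cn=domain,cn=sysdb
name: other@domain
sshPublicKey:: c3NoLXJz
 YSBBQUFB

# returned 2 records
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:               # trailing blank flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value.strip())
    return records

def users_missing_pubkey(text):
    """Names of records that have a name but no public key attribute."""
    return [r["name"][0] for r in parse_ldif(text)
            if "name" in r and not r.get(PUBKEY_ATTR)]

if __name__ == "__main__":
    print(users_missing_pubkey(SAMPLE))
```

A record listed here has no key in the client's cache, so the SSH responder has nothing to return for it even though the Data Provider request succeeded.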