Hi Alexander. Spot on... we fixed the issue with your suggestion. Thanks heaps. Appreciated.

regards

On Fri, Nov 9, 2018 at 12:43 PM Alfredo De Luca <[email protected]> wrote:

> Thanks Alexander. We don't have selinux enabled so good point from you. I
> will implement the solution you suggested soon and let you know.
> Thanks heaps
>
> Alfredo
>
> On Thu, Nov 8, 2018 at 9:05 PM Alexander Bokovoy <[email protected]> wrote:
>
>> On Thu, 08 Nov 2018, Alfredo De Luca via FreeIPA-users wrote:
>> >Hi Alexander. Thanks for your info.
>> >Here are 2 logs. One is the pam.log and the other one is the domain.log at
>> >the time when we got the error below.
>> >
>> >Nov 8 17:09:06 sftp-test sshd[25100]: pam_sss(sshd:account): Access denied for user nifi_sftp: 4 (System error)
>> >
>> >The user to search is nifi_sftp.
>> >
>> >Thanks heaps and let me know if you need more info
>> Do you have SELinux enabled? Disabled?
>>
>> From the looks of sssd_<domain>.log you have trouble with setting
>> SELinux for the user:
>>
>> Thu Nov 8 17:09:06 2018) [sssd[be[novalocal]]] [selinux_child_done] (0x0020): selinux_child_parse_response failed: [22][Invalid argument]
>>
>> This means that most likely you have SELinux disabled completely yet
>> SSSD attempts to set up SELinux context and considers its failure a hard
>> fail.
>>
>> Setting
>>
>> selinux_provider = none
>>
>> in [domain/novalocal] section should help if you are not using SELinux.
>>
>> >Cheers
>> >
>> >On Wed, Nov 7, 2018 at 3:49 PM Alexander Bokovoy <[email protected]> wrote:
>> >
>> >> On Wed, 07 Nov 2018, Alfredo De Luca via FreeIPA-users wrote:
>> >> >Hi all. I wonder who and how this has been resolved?
>> >> >I have CentOS 7 where an sftp server is running. Authentication is with
>> >> >FreeIPA 4.5.4.
>> >> >All the users connect to the sftp server normally but when there are
>> >> >multiple connections randomly I got this error
>> >> >
>> >> >Nov 7 08:30:09 sftp sshd[23487]: pam_sss(sshd:account): Access denied for user nifi_sftp: 4 (System error)
>> >> >
>> >> >Not sure why. The same user doesn't have any issue connecting manually but
>> >> >when different connections from 3 nodes (running an open source sftp client
>> >> >called NIFI from apache.org) I got that error.
>> >> >I have to say that I tried to reproduce with a script running multiple
>> >> >connections at the same time and I get the same errors. If I use
>> >> >controlmaster mechanism on ssh client I don't get the error at all.
>> >> >
>> >> >Any idea?
>> >> Use sssd debugging to demonstrate why pam_sss is denying access.
>> >> https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
>> >>
>> >> You'd need logs from the sssd_<domain>.log and sssd_pam.log related to
>> >> the time when there is an attempt to connect with NIFI. Use
>> >> debug_level=9 in domain and pam sections to show all logs and provide
>> >> them somewhere we can look up.
>> >>
>> >> --
>> >> / Alexander Bokovoy
>> >> Sr. Principal Software Engineer
>> >> Security / Identity Management Engineering
>> >> Red Hat Limited, Finland
>> >
>> >--
>> >*Alfredo*
>>
>> --
>> / Alexander Bokovoy
>> Sr. Principal Software Engineer
>> Security / Identity Management Engineering
>> Red Hat Limited, Finland
>
> --
> *Alfredo*

--
*Alfredo*
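A triage sketch for the diagnosis reached in this thread, added here and not code from the posters or from SSSD: it pairs pam_sss "4 (System error)" denials with selinux_child failures in the domain log by timestamp, then lists the sssd.conf domains that lack `selinux_provider = none`, the setting the thread advises for hosts not using SELinux. The sample logs and config are constructed from the lines quoted above, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample input, modelled on the log lines quoted in the thread.
SECURE_LOG = """\
Nov  8 17:09:06 sftp-test sshd[25100]: pam_sss(sshd:account): Access denied for user nifi_sftp: 4 (System error)
Nov  8 17:12:41 sftp-test sshd[25177]: pam_sss(sshd:account): Access denied for user alice: 6 (Permission denied)
"""
DOMAIN_LOG = """\
(Thu Nov  8 17:09:06 2018) [sssd[be[novalocal]]] [selinux_child_done] (0x0020): selinux_child_parse_response failed: [22][Invalid argument]
"""
SSSD_CONF = """\
[sssd]
domains = novalocal
[domain/novalocal]
id_provider = ipa
"""

DENIED = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) .*pam_sss\(sshd:account\): "
                    r"Access denied for user (\S+): 4 \(System error\)")
SELINUX_FAIL = re.compile(r"^\(?\w{3} (\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \d{4}\) "
                          r"\[sssd\[be\[([^\]]+)\]\]\] \[selinux_child_\w+\].*failed")

def selinux_denials(secure_log, domain_log):
    """Return (user, domain) pairs where a 'System error' denial shares its
    second with a selinux_child failure (assumes both logs use the same clock)."""
    failures = {}
    for line in domain_log.splitlines():
        m = SELINUX_FAIL.match(line)
        if m:
            failures[(m[1], int(m[2]), m[3])] = m[4]
    hits = []
    for line in secure_log.splitlines():
        m = DENIED.match(line)
        if m and (m[1], int(m[2]), m[3]) in failures:
            hits.append((m[4], failures[(m[1], int(m[2]), m[3])]))
    return hits

def domains_without_selinux_none(conf_text):
    """List [domain/...] sections of sssd.conf lacking selinux_provider = none."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return [s.split("/", 1)[1] for s in cp.sections()
            if s.startswith("domain/")
            and cp.get(s, "selinux_provider", fallback="").strip().lower() != "none"]

if __name__ == "__main__":
    print(selinux_denials(SECURE_LOG, DOMAIN_LOG))
    print(domains_without_selinux_none(SSSD_CONF))
```

A denial that does not line up with a selinux_child failure points to a different cause and still needs the `debug_level=9` logs requested earlier in the thread.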
