> On Thu, Feb 20, 2020 at 08:59:01AM -0000, Sunil via FreeIPA-users wrote: > > Hi, > > please check > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how > to enable debugging in SSSD. There are also common issues described. > > Since there is a 'permission denied' error, I wonder if you already had > some HBAC rules enabled and disabled the 'allow_all' rule? > > bye, > Sumit Thx Sumit for views
HBAC rules enabled : allow_all This is the sssd logs I get : (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [dp_pam_handler] (0x0100): Got request with the following data (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): domain: sunil.lan (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): user: [email protected] (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): service: sshd (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): tty: ssh (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): ruser: (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): rhost: 127.0.0.1 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): authtok type: 1 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): newauthtok type: 1 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): priv: 1 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): cli_pid: 21631 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): logon name: not set (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0200): Found address for server ipa.sunil.lan: [10.0.9.229] TTL 7200 (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa.sunil.lan' as 'not working' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0100): Resetting the status of port 0 for server '(no name)' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.sunil.lan' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [child_sig_handler] (0x0100): child [21639] finished successfully. (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_discover_srv_done] (0x0040): SRV query failed [4]: Domain name not found (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_done] (0x0040): Unable to resolve SRV [1432158236]: SRV record not found (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'IPA' as 'not resolved' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158236]: SRV record not found (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0020): No available servers for service 'IPA' (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
