HBAC allow_all is enabled. I think everything is default, only the sudo rule from the video.
I did debug level 3...

sssd_dom.loc.log:
(2024-01-10 16:14:08): [be[dom.loc]] [sdap_dyndns_dns_addrs_done] (0x0040): [RID#62] Could not receive list of current addresses [5]: Input/output error
(2024-01-10 16:14:08): [be[dom.loc]] [ipa_dyndns_sdap_update_done] (0x0040): [RID#62] Dynamic DNS update failed [5]: Input/output error
(2024-01-10 16:14:08): [be[dom.loc]] [be_ptask_done] (0x0040): [RID#62] Task [Dyndns update]: failed with [5]: Input/output error
********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING BACKTRACE:
* (2024-01-10 16:14:08): [be[dom.loc]] [sdap_id_op_destroy] (0x4000): [RID#62] releasing operation connection
* (2024-01-10 16:14:08): [be[dom.loc]] [be_ptask_done] (0x0040): [RID#62] Task [Dyndns update]: failed with [5]: Input/output error
********************** BACKTRACE DUMP ENDS HERE *********************************
(2024-01-10 16:14:09): [be[dom.loc]] [ipa_id_get_account_info_orig_done] (0x0080): [RID#69] Object not found, ending request
(2024-01-10 16:21:58): [be[dom.loc]] [ipa_hbac_evaluate_rules] (0x0080): [RID#94] Access granted by HBAC rule [allow_all]
(2024-01-10 16:21:58): [be[dom.loc]] [ipa_deskprofile_get_config_done] (0x0080): [RID#96] Server doesn't support Desktop Profile.
(2024-01-10 16:21:58): [be[dom.loc]] [ipa_hbac_evaluate_rules] (0x0080): [RID#97] Access granted by HBAC rule [allow_all]
-------------------------------------
sssd_pam.log:
(2024-01-10 16:28:09): [pam] [orderly_shutdown] (0x1f7c0): SIGTERM: killing children
(2024-01-10 16:28:09): [pam] [orderly_shutdown] (0x1f7c0): Shutting down (status = 0)
(2024-01-10 16:28:24): [pam] [server_setup] (0x1f7c0): Starting with deb>
(2024-01-10 16:28:25): [pam] [cache_req_common_process_dp_reply] (0x0040): [CID#1] CR #1: Could not get account info [1432158212]: SSSD is offline
-------------------------------------
journalctl -xe when I am trying to close forticlient (doing a privileged action) and close the auth window:
16:31:26 desktop22043.dom.loc audit[800]: AVC apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/3949/cmdline" pid=800 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
16:31:26 desktop22043.dom.loc kernel: audit: type=1400 audit(1704889886.433:219): apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/3949/cmdline" pid=800 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
16:31:26 desktop22043.dom.loc audit[800]: AVC apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/3952/cmdline" pid=800 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
16:31:26 desktop22043.dom.loc kernel: audit: type=1400 audit(1704889886.497:220): apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/3952/cmdline" pid=800 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
----auth windows closed:
16:33:38 desktop22043.dom.loc polkitd(authority=local)[587]: Operator of unix-session:4 FAILED to authenticate to gain authorization for action org.fortinet.fortitray.quit for unix-process:3948:18923 [sh -c pkexec /bin/bash /opt/forticlient/stop-forticlient.sh] (owned by unix-user:desktop)
16:33:38 desktop22043.dom.loc pkexec[3949]: desktop: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/desktop] [COMMAND=/bin/bash /opt/forticlient/stop-forticlient.sh]
16:33:38 desktop22043.dom.loc Fortitray.desktop[3949]: Error executing command as another user: Request dismissed
