On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote:
> An interesting problem has popped up and I am not sure where the issue
> lies. Users logging in are presented with "cannot find name for user ID"
> etc. etc. for all groups they are a member of
> id returns nothing but the numbers, and a getent passwd <username>
> returns nothing, when running as the user.
> However, as root a getent passwd <username> works.
> I am taking a look through logs and haven't found much so far, another
> user experienced a similar issue and a ipa-client-install --uninstall
> and reinstall (this is starting to feel like windows :) did the trick
> for them, however it has not solved the issue for me.
> I have also cleared the sssd cache, and given that process a kick to no
> avail.
> Firewall rules have not changed, and I assume the ipa-client-install
> process would have failed if a firewall issue was present.
> After increasing sssd logging levels I see a lot of requests for the
> user in the sssd logs, but no returns, not that I know if the logging is
> supposed to log the return.
> This is on a RHEL 5.8 client:
> ipa-client-2.1.3-2.el5_8
> sssd-1.5.1-49.el5_8.1
> Connecting to a RHEL 6.3 IPA server.
> Any ideas?
> -Erinn

Hi Erinn,

The requests for the user you saw were only in the sssd_nss log or did
they make it to the sssd_$domain.log as well? Can you paste sanitized
contents of both, please?

I can't think of a reason to make lookups work only as root, that's
really strange. Can you check for AVC denials? Can you also check the
permissions on /var/lib/sss/pipes/nss ? It should be 0666.

Freeipa-users mailing list

Reply via email to