On 08/08/2012 01:11 PM, Jakub Hrozek wrote:
> On Wed, Aug 08, 2012 at 10:45:47AM -0800, Erinn Looney-Triggs wrote:
>> An interesting problem has popped up and I am not sure where the issue
>> lies. Users logging in are presented with "cannot find name for user ID"
>> etc. etc. for all groups they are a member of
>>
>> id returns nothing but the numbers, and a getent passwd <username>
>> returns nothing, when running as the user.
>>
>> However, as root a getent passwd <username> works.
>>
>> I am taking a look through logs and haven't found much so far, another
>> user experienced a similar issue and a ipa-client-install --uninstall
>> and reinstall (this is starting to feel like windows :) did the trick
>> for them, however it has not solved the issue for me.
>>
>> I have also cleared the sssd cache, and given that process a kick to no
>> avail.
>>
>> Firewall rules have not changed, and I assume the ipa-client-install
>> process would have failed if a firewall issue was present.
>>
>> After increasing sssd logging levels I see a lot of requests for the
>> user in the sssd logs, but no returns, not that I know if the logging is
>> supposed to log the return.
>>
>> This is on a RHEL 5.8 client:
>> ipa-client-2.1.3-2.el5_8
>> sssd-1.5.1-49.el5_8.1
>>
>> Connecting to a RHEL 6.3 IPA server.
>>
>> Any ideas?
>>
>> -Erinn
>>
> 
> Hi Erinn,
> 
> The requests for the user you saw were only in the sssd_nss log or did
> they make it to the sssd_$domain.log as well? Can you paste sanitized
> contents of both, please?
> 
> I can't think of a reason to make lookups work only as root, that's
> really strange. Can you check for AVC denials? Can you also check the
> permissions on /var/lib/sss/pipes/nss ? It should be 0666.
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

Yes it is very odd. I have had a rash of system with SELinux labelling
issues, so I ran a restorecon on the file system to no avail, as well I
set SELinux to permissive mode, again no help there.

Permissions appear correct:
srw-rw-rw- 1 root root    0 Aug  8 18:35 nss
srw-rw-rw- 1 root root    0 Aug  8 18:35 pam

Is there a simple way to sanitize these log files?

-Erinn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to