On Thu, Apr 25, 2013 at 12:38:18PM +0200, Pavel Březina wrote: > On 04/24/2013 07:20 PM, Aly Khimji wrote: > >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] > >[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) > >[Success] > >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] > >[sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed. > >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] > >[ipa_selinux_handler] (0x0040): Cannot create op context
This issue is already know, https://bugzilla.redhat.com/show_bug.cgi?id=954342 and https://fedorahosted.org/sssd/ticket/1892 . I will send a fix for this to sssd-devel soon. bye, Sumit > >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] > >[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) > >[Internal Error (System error)] > > Hi, > this looks like a selinux problem to me. What happens when you set > selinux to permissive? > > Also does this problem occur only with sudo, or other services are > affected too (id, authentication, ssh)? > > Can you please perform following commands? It will remove cache and > logs so do it in a safe non-production environment. > > As root: > # service stop sssd > # rm -f /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/* > # service sssd start > > As normal user: > $ su ad-user@trusted-domain > $ sudo -l > $ exit > > And send us the sanitized logs (all of them). > > Thank you. > > > > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users