I finally got it to work. What i did was purge the freeipa-client and the sssd packages. after they were purged i installed them fresh. after running the install script and pam-config-auth, rebooted and it logged in perfectly. all i can figure is one of the installation scripts between going from 12.04 to 12.10 to 13.04 reset the permissions on something deep in the bowels of ubuntu and hosed it. I guess i file this one under shrug shoulders and go ok then.. Thanks
On Thu, May 16, 2013 at 5:25 AM, Jakub Hrozek <[email protected]> wrote: > On Wed, May 15, 2013 at 12:43:02PM -0400, Willie Slepecki wrote: > > I have been debugging for a few days trying to figure out why my 13.04 > > upgraded machine will not log in to my freeipa server. the only thing i > > find odd is since i updated i began getting these in my sssd.log file > > > > (Tue May 14 17:59:08 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > > onuspride.com --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:08 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > > onuspride.com --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_nss > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 > > (Tue May 14 17:59:10 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > > onuspride.com --debug-to-files, reason: Permission denied > > 2013) [sssd] [service_startup_handler] (0x0010): Could not exec > > /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --debug-to-files, reason: > > Permission denied > > Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_nss > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_ssh > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pac > > --debug-to-files, reason: Permission denied > > ((Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_ssh > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pam > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pac > > --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:14 2013) [sssd] [service_startup_handler] (0x0010): > > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > > onuspride.com --debug-to-files, reason: Permission denied > > (Tue May 14 17:59:14 2013) [sssd] [mt_svc_exit_handler] (0x0010): > > Process [onuspride.com], definitely stopped! > > > > i looked at the executables and they are set to 700 with owner of root. > > that should be right. when i try to run the same commandline as root they > > execute correctly. i assume at least, i don't get any errors or messages. > > > > anyone have an idea what these are? i suspect these errors are the > reason i > > can't login to the ipa server. this whole configuration worked just fine > at > > 12.04, but everything stopped when i upgraded the machine to 12.04 -> > 12.10 > > -> 13.04 > > Yes, these errors are definitely the culprit. These subprocesses are the > actual worker processes of the sssd, if they don't execute, the SSSD > doesn't work. > > Could something like SELinux or AppArmor be in the way? > > btw the Ubuntu maintainer checked that with default packaging the > permissions are 0755 (same as on Fedora), can you check if the package > was modified post-install by some hardening script perhaps? 0700 should > be working as well, though.. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > -- You want it fast, cheap, or right. Pick two!!
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
