On So, 2016-07-16 at 15:37 +0200, Lukas Slebodnik wrote: > On (16/07/16 10:19), Martin Štefany wrote: > > > > Hello Sumit, > > > > seems that upgrade to F24 broke things again. This time no AVCs, empty SSSD > > logs, but same problem: 'Error looking up public keys'. > > > > selinux-policy-3.13.1-191.fc24.3.noarch > > selinux-policy-targeted-3.13.1-191.fc24.3.noarch > > sssd-1.13.4-3.fc24.x86_64 > > > Fedora 23 and fedora 24 has the same version of sssd > and almost the same version of openssh. > I have no idea what coudl broke it it there are not any AVCs. > > > > > Using debug_level 0x0250 :: > > > For troubleshooting, it would be better to see all > debug messages. (debug_level = 0xfff0)
Hello Lukas, thanks for replying on this, here are debug_level = 0xfff0 messages (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [get_client_cred] (0x4000): Client creds: euid[1293400001] egid[1293400001] pid[15966]. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x5617ca096280][18] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [accept_fd_handler] (0x0400): Client connected! (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x5617ca096280][18] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received client version [0]. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered version [0]. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x5617ca096280][18] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x5617ca096280][18] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Requested domain [<ALL>] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Parsing name [martin][<ALL>] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): name 'martin' matched without domain, user is martin (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400): Requesting SSH user public keys for [martin] from [<ALL>] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_issue_request] (0x0400): Issuing request for [0x5617c96301a0:1:[email protected]] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_get_account_msg] (0x0400): Creating request for [stefany.eu][0x1][BE_REQ_USER][1][name=martin] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_add_timeout] (0x2000): 0x5617ca09bb60 (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_internal_get_send] (0x0400): Entering request [0x5617c96301a0:1:[email protected]] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_remove_timeout] (0x2000): 0x5617ca09bb60 (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0x5617ca09a300 (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_user_pubkeys_search_next] (0x0400): Requesting SSH user public keys for [[email protected]] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x5617ca0a4370 (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x5617ca0a4430 (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Running timer event 0x5617ca0a4370 "ltdb_callback" (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 0x5617ca0a4430 "ltdb_timeout" (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Ending timer event 0x5617ca0a4370 "ltdb_callback" (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x4000): Mssing element, nothing to do. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x4000): Mssing element, nothing to do. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [cert_to_ssh_key] (0x0020): CERT_VerifyCertificateNow failed [-8179]. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x0040): cert_to_ssh_key failed. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_build_reply] (0x0040): decode_and_add_base64_data failed. (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_done] (0x0020): Fatal error, killing connection! (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [client_destructor] (0x2000): Terminated client [0x5617ca096280][18] (Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x5617c96301a0:1:[email protected]] > > > > $ /usr/bin/sss_ssh_authorizedkeys martin > > Error looking up public keys > > > And try to run strace with sss_ssh_authorizedkeys > > LS Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
