On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote: > Okay, I believe that this is the problem: > > On 21.12.2016 15:53, Brian J. Murrell wrote: > > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 > > connection from local to /var/run/slapd-EXAMPLE.COM.socket > > ... > > [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn="" > > method=sasl version=3 mech=GSSAPI > > [21/Dec/2016:09:39:12.067486416 -0500] conn=77028 op=0 RESULT > > err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: > > GSSAPI Error: Unspecified GSS failure. Minor code may provide more > > information (Permission denied) > > [21/Dec/2016:09:39:12.192506861 -0500] conn=77028 op=1 UNBIND > > [21/Dec/2016:09:39:12.192549740 -0500] conn=77028 op=1 fd=107 > > closed - U1 > > I have no idea why it is returning Permission denied. > > Is it reproducible when you run this? > $ kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab > ipa-dnskeysyncd/server.example.com > $ ldapsearch -Y GSSAPI -H /var/run/slapd-EXAMPLE.COM.socket > ?
# klist Ticket cache: KEYRING:persistent:0:0 Default principal: ipa-dnskeysyncd/[email protected] Valid starting Expires Service principal 21/12/16 13:05:16 22/12/16 13:02:12 ldap/[email protected] 21/12/16 13:02:12 22/12/16 13:02:12 krbtgt/[email protected] # ldapsearch -Y GSSAPI -H ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE.COM.socket SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) > > We need to find out why it is blowing up on GSSAPI negotiation. > > Wild guess is that /etc/dirsrv/ds.keytab could have wrong > permissions. It > should have > -rw-------. 1 dirsrv dirsrv unconfined_u:object_r:dirsrv_config_t:s0 # ls -lZ /etc/dirsrv/ds.keytab -rw-------. dirsrv dirsrv system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/ds.keytab > If you manage to reproduce it, you can attach strace to the running > dirsrv By that I assume you mean the ns-slapd. The strace (minus poll/select/futex noise) is attached. > process and see what call is failing (if it is a system call)... Perhaps this one: [pid 13449] open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) # ls -lZ /etc/krb5.keytab -rw-------. root root system_u:object_r:krb5_keytab_t:s0 /etc/krb5.keytab But looking into the backup of this system, even a week and a month ago, that file had the same permissions/ownership. And changing it to 644 temporarily doesn't fix the "ldap_sasl_interactive_bind_s: Invalid credentials (49)" from ldapsearch. Cheers, b.
8967 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
13414 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
13413 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
12933 restart_syscall(<... resuming interrupted call ...>) = 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 accept(8, {sa_family=AF_LOCAL, NULL}, [2]) = 65
12933 fcntl(65, F_GETFL) = 0x2 (flags O_RDWR)
12933 fcntl(65, F_SETFL, O_RDWR|O_NONBLOCK) = 0
12933 setsockopt(65, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
12933 getpeername(65, {sa_family=AF_LOCAL, NULL}, [2]) = 0
12933 getsockname(65, {sa_family=AF_LOCAL,
sun_path="/var/run/slapd-EXAMPLE.COM.socket"}, [40]) = 0
12933 getsockopt(65, SOL_SOCKET, SO_PEERCRED, {pid=16254, uid=0, gid=0}, [12])
= 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
8967 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
13442 recvfrom(65,
"0\202\2\316\2\1\1`\202\2\307\2\1\3\4\0\243\202\2\276\4\6GSSAPI\4\202\2\262"...,
512, 0, NULL, NULL) = 512
13442 recvfrom(65,
"\237\23\203^\177$\376[\345\20\223t\3052\326\305\352\355i\277\207V\214\n\312M\210h=\2\233="...,
512, 0, NULL, NULL) = 210
13442 write(51, "\0", 1) = 1
13442 sendto(59, "<39>Dec 21 13:16:42 ns-slapd: GS"..., 51, MSG_NOSIGNAL, NULL,
0) = 51
13442 lstat("/etc/gss/mech", 0x7feac37ecd00) = -1 ENOENT (No such file or
directory)
13442 openat(AT_FDCWD, "/etc/gss/mech.d",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 107
13442 getdents(107, /* 3 entries */, 32768) = 88
13442 getdents(107, /* 0 entries */, 32768) = 0
13442 close(107) = 0
13442 lstat("/etc/gss/mech.d/gssproxy.conf", {st_mode=S_IFREG|0644,
st_size=189, ...}) = 0
13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755,
st_size=110960, ...}) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"t\232a\376\355j\6:\264\20\322\252#\307\252\3\37\310x\3168!Vc\371\262M\3161\203\rK"...,
64) = 64
13442 close(107) = 0
13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107
13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000},
[12]) = 0
13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 404
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 504
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0",
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
13442 close(107) = 0
13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(60060),
inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39732),
inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(45163),
inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(50089),
inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("10.75.22.247")}, 16) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(57720),
inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, [28]) = 0
13442 close(107) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"\1\313~\27y\301\273\231\350+\364\t\305\312\261MY$\246\253x|S9u\255\364\244\265\343\23
"..., 64) = 64
13442 close(107) = 0
13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"y\331\247\350\335\273\366\257\245=\361\233\276#\304\357\6\2251\276\7\344\372\301\335\221\262\305\26f\301f"...,
64) = 64
13442 close(107) = 0
13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755,
st_size=110960, ...}) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"\333\310\fT\300-RA\243\305\30\332V<:\230\5\27\274\215>\262YV\345\324b\314#,\263F"...,
64) = 64
13442 close(107) = 0
13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107
13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000},
[12]) = 0
13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 404
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 504
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0",
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
13442 close(107) = 0
13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(44027),
inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39984),
inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37062),
inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6,
"[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37446),
inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC,
sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("10.75.22.247")}, 16) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(48649),
inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, [28]) = 0
13442 close(107) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"\334\337\2\5^\334\343{\306\235\30\2551\240\320\337\10\264\361S\3740\257\370;\330\17`\332\10C("...,
64) = 64
13442 close(107) = 0
13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) =
111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com",
O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107,
"\244\243\211(\301\227\26x\262X\26<\2\201b\377p33\232q\302\351$\301\347\213\247n\17w\177"...,
64) = 64
13442 close(107) = 0
13442 sendto(65, "0\f\2\1\1a\7\n\0011\4\0\4\0", 14, 0, NULL, 0 <unfinished ...>
12933 read(50, <unfinished ...>
13442 <... sendto resumed> ) = 14
12933 <... read resumed> "\0", 200) = 1
13442 write(51, "\0", 1 <unfinished ...>
12933 getpeername(7, <unfinished ...>
13442 <... write resumed> ) = 1
12933 <... getpeername resumed> 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport
endpoint is not connected)
12933 read(50, "\0", 200) = 1
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
13450 recvfrom(65, "0\5\2\1\2B\0", 512, 0, NULL, NULL) = 7
13450 write(51, "\0", 1) = 1
12933 read(50, "\0", 200) = 1
12933 close(65) = 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
13414 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint
is not connected)
signature.asc
Description: This is a digitally signed message part
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
