On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote: > Okay, I believe that this is the problem: > > On 21.12.2016 15:53, Brian J. Murrell wrote: > > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107 > > connection from local to /var/run/slapd-EXAMPLE.COM.socket > > ... > > [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn="" > > method=sasl version=3 mech=GSSAPI > > [21/Dec/2016:09:39:12.067486416 -0500] conn=77028 op=0 RESULT > > err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure: > > GSSAPI Error: Unspecified GSS failure. Minor code may provide more > > information (Permission denied) > > [21/Dec/2016:09:39:12.192506861 -0500] conn=77028 op=1 UNBIND > > [21/Dec/2016:09:39:12.192549740 -0500] conn=77028 op=1 fd=107 > > closed - U1 > > I have no idea why it is returning Permission denied. > > Is it reproducible when you run this? > $ kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab > ipa-dnskeysyncd/server.example.com > $ ldapsearch -Y GSSAPI -H /var/run/slapd-EXAMPLE.COM.socket > ?
# klist Ticket cache: KEYRING:persistent:0:0 Default principal: ipa-dnskeysyncd/server.example....@example.com Valid starting Expires Service principal 21/12/16 13:05:16 22/12/16 13:02:12 ldap/server.example....@example.com 21/12/16 13:02:12 22/12/16 13:02:12 krbtgt/example....@example.com # ldapsearch -Y GSSAPI -H ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE.COM.socket SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) > > We need to find out why it is blowing up on GSSAPI negotiation. > > Wild guess is that /etc/dirsrv/ds.keytab could have wrong > permissions. It > should have > -rw-------. 1 dirsrv dirsrv unconfined_u:object_r:dirsrv_config_t:s0 # ls -lZ /etc/dirsrv/ds.keytab -rw-------. dirsrv dirsrv system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/ds.keytab > If you manage to reproduce it, you can attach strace to the running > dirsrv By that I assume you mean the ns-slapd. The strace (minus poll/select/futex noise) is attached. > process and see what call is failing (if it is a system call)... Perhaps this one: [pid 13449] open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) # ls -lZ /etc/krb5.keytab -rw-------. root root system_u:object_r:krb5_keytab_t:s0 /etc/krb5.keytab But looking into the backup of this system, even a week and a month ago, that file had the same permissions/ownership. And changing it to 644 temporarily doesn't fix the "ldap_sasl_interactive_bind_s: Invalid credentials (49)" from ldapsearch. Cheers, b.
8967 restart_syscall(<... resuming interrupted call ...> <unfinished ...> 13414 restart_syscall(<... resuming interrupted call ...> <unfinished ...> 13413 restart_syscall(<... resuming interrupted call ...> <unfinished ...> 12933 restart_syscall(<... resuming interrupted call ...>) = 0 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 accept(8, {sa_family=AF_LOCAL, NULL}, [2]) = 65 12933 fcntl(65, F_GETFL) = 0x2 (flags O_RDWR) 12933 fcntl(65, F_SETFL, O_RDWR|O_NONBLOCK) = 0 12933 setsockopt(65, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 12933 getpeername(65, {sa_family=AF_LOCAL, NULL}, [2]) = 0 12933 getsockname(65, {sa_family=AF_LOCAL, sun_path="/var/run/slapd-EXAMPLE.COM.socket"}, [40]) = 0 12933 getsockopt(65, SOL_SOCKET, SO_PEERCRED, {pid=16254, uid=0, gid=0}, [12]) = 0 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 8967 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 13442 recvfrom(65, "0\202\2\316\2\1\1`\202\2\307\2\1\3\4\0\243\202\2\276\4\6GSSAPI\4\202\2\262"..., 512, 0, NULL, NULL) = 512 13442 recvfrom(65, "\237\23\203^\177$\376[\345\20\223t\3052\326\305\352\355i\277\207V\214\n\312M\210h=\2\233="..., 512, 0, NULL, NULL) = 210 13442 write(51, "\0", 1) = 1 13442 sendto(59, "<39>Dec 21 13:16:42 ns-slapd: GS"..., 51, MSG_NOSIGNAL, NULL, 0) = 51 13442 lstat("/etc/gss/mech", 0x7feac37ecd00) = -1 ENOENT (No such file or directory) 13442 openat(AT_FDCWD, "/etc/gss/mech.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 107 13442 getdents(107, /* 3 entries */, 32768) = 88 13442 getdents(107, /* 0 entries */, 32768) = 0 13442 close(107) = 0 13442 lstat("/etc/gss/mech.d/gssproxy.conf", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0 13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755, st_size=110960, ...}) = 0 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "t\232a\376\355j\6:\264\20\322\252#\307\252\3\37\310x\3168!Vc\371\262M\3161\203\rK"..., 64) = 64 13442 close(107) = 0 13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107 13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000}, [12]) = 0 13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 404 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 504 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 13442 close(107) = 0 13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(60060), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39732), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(45163), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(50089), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.75.22.247")}, 16) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(57720), inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 close(107) = 0 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "\1\313~\27y\301\273\231\350+\364\t\305\312\261MY$\246\253x|S9u\255\364\244\265\343\23 "..., 64) = 64 13442 close(107) = 0 13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "y\331\247\350\335\273\366\257\245=\361\233\276#\304\357\6\2251\276\7\344\372\301\335\221\262\305\26f\301f"..., 64) = 64 13442 close(107) = 0 13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755, st_size=110960, ...}) = 0 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "\333\310\fT\300-RA\243\305\30\332V<:\230\5\27\274\215>\262YV\345\324b\314#,\263F"..., 64) = 64 13442 close(107) = 0 13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107 13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000}, [12]) = 0 13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 404 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 504 13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 13442 close(107) = 0 13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(44027), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39984), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37062), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37446), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 13442 connect(107, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.75.22.247")}, 16) = 0 13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(48649), inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13442 close(107) = 0 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "\334\337\2\5^\334\343{\306\235\30\2551\240\320\337\10\264\361S\3740\257\370;\330\17`\332\10C("..., 64) = 64 13442 close(107) = 0 13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied) 13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 open("/etc/krb5.conf", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000 13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780 13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108 13442 getdents(108, /* 5 entries */, 32768) = 176 13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111 13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0 13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000 13442 read(111, "[domain_realm]\n", 4096) = 15 13442 read(111, "", 4096) = 0 13442 close(111) = 0 13442 munmap(0x7feaf3cb9000, 4096) = 0 13442 getdents(108, /* 0 entries */, 32768) = 0 13442 close(108) = 0 13442 read(107, "", 1024) = 0 13442 close(107) = 0 13442 munmap(0x7feaf3cba000, 4096) = 0 13442 open("/dev/urandom", O_RDONLY) = 107 13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0 13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13442 read(107, "\244\243\211(\301\227\26x\262X\26<\2\201b\377p33\232q\302\351$\301\347\213\247n\17w\177"..., 64) = 64 13442 close(107) = 0 13442 sendto(65, "0\f\2\1\1a\7\n\0011\4\0\4\0", 14, 0, NULL, 0 <unfinished ...> 12933 read(50, <unfinished ...> 13442 <... sendto resumed> ) = 14 12933 <... read resumed> "\0", 200) = 1 13442 write(51, "\0", 1 <unfinished ...> 12933 getpeername(7, <unfinished ...> 13442 <... write resumed> ) = 1 12933 <... getpeername resumed> 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 read(50, "\0", 200) = 1 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 13450 recvfrom(65, "0\5\2\1\2B\0", 512, 0, NULL, NULL) = 7 13450 write(51, "\0", 1) = 1 12933 read(50, "\0", 200) = 1 12933 close(65) = 0 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 13414 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected) 12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
signature.asc
Description: This is a digitally signed message part
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project