On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
Does the problem go away if you set:
selinux_provider = none
Sorry, no. Also the No SELinux user maps found! didn't go away.
At Apr 5
On Mon, Apr 08, 2013 at 12:26:43PM +0200, Jakub Hrozek wrote:
I tried a similar case locally and everything worked for me. In the
domain log I saw:
[sssd[be[idm.lab.bos.redhat.com]]] [be_pam_handler_callback] (0x0400):
SELinux provider doesn't exist, not sending the request to it
when
On Mon, Apr 08, 2013 at 12:40:53PM +0200, Jan-Frode Myklebust wrote:
On Mon, Apr 08, 2013 at 12:26:43PM +0200, Jakub Hrozek wrote:
I tried a similar case locally and everything worked for me. In the
domain log I saw:
[sssd[be[idm.lab.bos.redhat.com]]] [be_pam_handler_callback]
On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
Does the problem go away if you set:
selinux_provider = none
Sorry, no. Also the No SELinux user maps found! didn't go away.
At Apr 5 13:46:22 I was denied access again by pam_access, and then
seconds later I could
On 04/05/2013 08:00 AM, Jan-Frode Myklebust wrote:
On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
Does the problem go away if you set:
selinux_provider = none
Sorry, no. Also the No SELinux user maps found! didn't go away.
At Apr 5 13:46:22 I was denied access again by
On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
Does the problem go away if you set:
selinux_provider = none
Sorry, no. Also the No SELinux user maps found! didn't go away.
At Apr 5
On Fri, Apr 05, 2013 at 08:19:21AM -0400, Dmitri Pal wrote:
SELinux seems to be OK but the log definitely showing that not all users
are successfully stored in a group.
Hmm.. I've noticed that in cn=$groupname,cn=groups,cn=accounts we have
both member and memberUid, but member often contains
On Fri, Apr 05, 2013 at 02:42:33PM +0200, Jan-Frode Myklebust wrote:
On Fri, Apr 05, 2013 at 08:19:21AM -0400, Dmitri Pal wrote:
SELinux seems to be OK but the log definitely showing that not all users
are successfully stored in a group.
Hmm.. I've noticed that in
On Fri, Apr 05, 2013 at 03:02:53PM +0200, Jakub Hrozek wrote:
Hmm.. I've noticed that in cn=$groupname,cn=groups,cn=accounts we have
both member and memberUid, but member often contains more entries
than memberUid. I've assumed that the memberUid was a legacy thing,
and just not maintained
On Thu, Mar 21, 2013 at 09:57:50PM +0100, Jan-Frode Myklebust wrote:
On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote:
I see several failures related to the SELinux processing:
---
(Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]]
[ipa_selinux_get_maps_done]
On Fri, Mar 22, 2013 at 04:19:39PM +0100, Jakub Hrozek wrote:
Then maybe SSSD is tripping over the absence of the SELinux map order.
At least that's the way I read the SSSD code, it relies on the presence
of the ipaSELinuxUserMapOrder attribute.
What does:
$ ipa config-show --all --raw |
On Thu, Mar 21, 2013 at 11:43:55AM +0100, Jan-Frode Myklebust wrote:
On Wed, Mar 20, 2013 at 02:29:07PM +0100, Jakub Hrozek wrote:
I think pasting or attaching SSSD logs would be a good start. Can you
put debug_level = 6 into your sssd.conf into the [pam] and [domain]
sections restart
On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote:
I see several failures related to the SELinux processing:
---
(Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]]
[ipa_selinux_get_maps_done] (0x0400): No SELinux user maps found!
(Thu Mar 21 08:23:57 2013)
Jan-Frode Myklebust wrote:
On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote:
I see several failures related to the SELinux processing:
---
(Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]] [ipa_selinux_get_maps_done]
(0x0400): No SELinux user maps found!
(Thu Mar 21
On Thu, Mar 21, 2013 at 05:25:57PM -0400, Rob Crittenden wrote:
ipa : ERRORUpdate failed: Object class violation: attribute
ipaSELinuxUserMapOrder not allowed
so I suspect there are some problem with our LDAP schema. That might be
related to the No SELinux user maps found
On Tue, Mar 19, 2013 at 11:05:14PM +0100, Jan-Frode Myklebust wrote:
On Tue, Mar 19, 2013 at 10:01:16PM +0100, Jakub Hrozek wrote:
Hello Jan,
I'm sorry you're seeing performance problems.
We have been struggeling with performance and crashes for a while now.
Have had one crash were a
On Wed, Mar 20, 2013 at 10:44:10AM +0100, Jakub Hrozek wrote:
This really sounds like a bug. If you encounter a situation like this,
where a group does not show all its members, feel free to open a bug.
I have been experiencing this for quite some time, but I'm struggeling
with how to give
On Wed, Mar 20, 2013 at 02:04:24PM +0100, Jan-Frode Myklebust wrote:
On Wed, Mar 20, 2013 at 10:44:10AM +0100, Jakub Hrozek wrote:
This really sounds like a bug. If you encounter a situation like this,
where a group does not show all its members, feel free to open a bug.
I have been
We're struggeling with the performance of IPA, and have tried switching
to the ldap backend for sssd to be able to see what's happening. The
attached trace is from a RHEL6.4 client running id janfrode with the
following sssd backend:
On Tue, Mar 19, 2013 at 09:41:23PM +0100, Jan-Frode Myklebust wrote:
Hello Jan,
I'm sorry you're seeing performance problems.
We're struggeling with the performance of IPA, and have tried switching
to the ldap backend for sssd to be able to see what's happening. The
attached trace is from a
20 matches
Mail list logo