On Wed, May 15, 2013 at 12:43:02PM -0400, Willie Slepecki wrote: > I have been debugging for a few days trying to figure out why my 13.04 > upgraded machine will not log in to my freeipa server. the only thing i > find odd is since i updated i began getting these in my sssd.log file > > (Tue May 14 17:59:08 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > onuspride.com --debug-to-files, reason: Permission denied > (Tue May 14 17:59:08 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > onuspride.com --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_nss > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 > (Tue May 14 17:59:10 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > onuspride.com --debug-to-files, reason: Permission denied > 2013) [sssd] [service_startup_handler] (0x0010): Could not exec > /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --debug-to-files, reason: > Permission denied > Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_nss > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_ssh > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pac > --debug-to-files, reason: Permission denied > ((Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_ssh > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pam > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:13 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_pac > --debug-to-files, reason: Permission denied > (Tue May 14 17:59:14 2013) [sssd] [service_startup_handler] (0x0010): > Could not exec /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain > onuspride.com --debug-to-files, reason: Permission denied > (Tue May 14 17:59:14 2013) [sssd] [mt_svc_exit_handler] (0x0010): > Process [onuspride.com], definitely stopped! > > i looked at the executables and they are set to 700 with owner of root. > that should be right. when i try to run the same commandline as root they > execute correctly. i assume at least, i don't get any errors or messages. > > anyone have an idea what these are? i suspect these errors are the reason i > can't login to the ipa server. this whole configuration worked just fine at > 12.04, but everything stopped when i upgraded the machine to 12.04 -> 12.10 > -> 13.04
Yes, these errors are definitely the culprit. These subprocesses are the actual worker processes of the sssd, if they don't execute, the SSSD doesn't work. Could something like SELinux or AppArmor be in the way? btw the Ubuntu maintainer checked that with default packaging the permissions are 0755 (same as on Fedora), can you check if the package was modified post-install by some hardening script perhaps? 0700 should be working as well, though.. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
