-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/09/2009 07:52 AM, Brian J. Murrell wrote: > On Mon, 2009-11-09 at 07:33 -0500, Stephen Gallagher wrote: >> Brian, can you open a bug at https://fedorahosted.org > > I would but I can't make out the stupid captcha and there is no button > to generate a new one! I really hate captchas you know. They are > getting to the point where nobody can read them.
If you create an account at https://admin.fedoraproject.org/accounts you will not be required to validate the captcha. > >> Then rerun your test and include the /var/log/sssd/sssd_pam.log and >> /var/log/sssd/sssd_<yourdomain>.log files as an attachment. > > Here is what the log says: > > (1257770423) [sssd[be[KRB]]] [server_setup] (3): CONFDB: > /var/lib/sss/db/config.ldb > (1257770423) [sssd[be[KRB]]] [sysdb_domain_init_internal] (5): DB File for > KRB: /var/lib/sss/db/cache_KRB.ldb > (1257770423) [sssd[be[KRB]]] [ldb] (3): asq: Unable to register control with > rootdse! > > (1257770423) [sssd[be[KRB]]] [sbus_init_connection] (5): Adding connection > 8EDBA18 > (1257770423) [sssd[be[KRB]]] [monitor_common_send_id] (4): Sending ID: > (%BE_KRB,1) > (1257770423) [sssd[be[KRB]]] [sbus_new_server] (3): D-BUS Server listening on > unix:path=/var/lib/sss/pipes/private/sbus-dp_KRB,guid=5a385529a0c9fc922ce4faa04af80db7 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_uri has value > ldap://ldap > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_search_base > has value dc=example,dc=com > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_default_bind_dn has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_default_authtok_type has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_default_authtok has no binary value. > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_search_timeout > has value 60 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_network_timeout has value 6 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_opt_timeout > has value 6 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_tls_reqcert > has value hard > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_user_search_base has value ou=People,dc=interlinx,dc=bc,dc=ca > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_user_search_scope has value sub > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_user_search_filter has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_group_search_base has value ou=Group,dc=interlinx,dc=bc,dc=ca > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_group_search_scope has value sub > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_group_search_filter has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_schema has > value rfc2307 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_offline_timeout has value 60 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_force_upper_case_realm is FALSE > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_enumeration_refresh_timeout has value 300 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option entry_cache_timoeut > has value 1800 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_tls_cacert has > value /etc/pki/tls/certs/ca-bundle.crt > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_tls_cacertdir > has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_id_use_start_tls is FALSE > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_sasl_mech has > value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_sasl_authid > has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option ldap_krb5_keytab > has value (null) > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > ldap_krb5_init_creds is TRUE > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_realm has > value ILINX > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_entry_usn has > value (null) > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_rootdse_last_usn > has value (null) > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_object_class has value posixAccount > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_name has > value uid > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_pwd has > value userPassword > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_uid_number > has value uidNumber > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_gid_number > has value gidNumber > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_gecos has > value gecos > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_home_directory has value homeDirectory > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_shell has > value loginShell > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_principal > has value krbPrincipalName > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_fullname > has value cn > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_member_of > has value (null) > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_uuid has > value (null) > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_modify_timestamp has value modifyTimestamp > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_shadow_last_change has value shadowLastChange > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_shadow_min > has value shadowMin > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_shadow_max > has value shadowMax > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_shadow_warning has value shadowWarning > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_shadow_inactive has value shadowInactive > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_shadow_expire has value shadowExpire > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_user_shadow_flag > has value shadowFlag > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_krb_last_pwd_change has value krbLastPwdChange > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_user_krb_password_expiration has value krbPasswordExpiration > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_pwd_attribute > has value pwdAttribute > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_group_object_class has value posixGroup > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_group_name has > value cn > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_group_pwd has > value userPassword > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_group_gid_number > has value gidNumber > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_group_member has > value memberuid > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option ldap_group_uuid has > value (null) > (1257770423) [sssd[be[KRB]]] [sdap_get_map] (5): Option > ldap_group_modify_timestamp has value modifyTimestamp > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_kdcip has > value 10.75.22.3 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_realm has > value ILINX > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_ccachedir has > value /tmp > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_ccname_tmpl > has value FILE:%d/krb5cc_%U_XXXXXX > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > krb5_changepw_principle has value kadmin/changepw > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_auth_timeout > has value 15 > (1257770423) [sssd[be[KRB]]] [load_backend_module] (5): no module name found > in confdb, using [ldap]. > (1257770423) [sssd[be[KRB]]] [load_backend_module] (5): no module name found > in confdb, using [permit]. > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_kdcip has > value 10.75.22.3 > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_realm has > value ILINX > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_ccachedir has > value /tmp > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_ccname_tmpl > has value FILE:%d/krb5cc_%U_XXXXXX > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option > krb5_changepw_principle has value kadmin/changepw > (1257770423) [sssd[be[KRB]]] [dp_get_options] (6): Option krb5_auth_timeout > has value 15 > (1257770423) [sssd[be[KRB]]] [main] (1): Backend provider (KRB) started! > (1257770423) [sssd[be[KRB]]] [id_callback] (4): Got id ack and version (1) > from Monitor > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Entering. > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Adding > connection 0x8eea3b0. > (1257770423) [sssd[be[KRB]]] [sbus_init_connection] (5): Adding connection > 8EEA3B0 > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Got a > connection > (1257770423) [sssd[be[KRB]]] [be_client_init] (4): Set-up Backend ID timeout > [0x8ee61a0] > (1257770423) [sssd[be[KRB]]] [client_registration] (4): Cancel DP ID timeout > [0x8ee61a0] > (1257770423) [sssd[be[KRB]]] [client_registration] (4): Added Frontend client > [NSS] > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Entering. > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Adding > connection 0x8ee5cf0. > (1257770423) [sssd[be[KRB]]] [sbus_init_connection] (5): Adding connection > 8EE5CF0 > (1257770423) [sssd[be[KRB]]] [sbus_server_init_new_connection] (5): Got a > connection > (1257770423) [sssd[be[KRB]]] [be_client_init] (4): Set-up Backend ID timeout > [0x8ee5520] > (1257770423) [sssd[be[KRB]]] [client_registration] (4): Cancel DP ID timeout > [0x8ee5520] > (1257770423) [sssd[be[KRB]]] [client_registration] (4): Added Frontend client > [PAM] > (1257770425) [sssd[be[KRB]]] [sdap_get_generic_done] (3): Search result: > Success(0), (null) > (1257770425) [sssd[be[KRB]]] [simple_bind_send] (4): Executing simple bind > as: (null) > (1257770425) [sssd[be[KRB]]] [simple_bind_done] (5): Server returned no > controls. > (1257770425) [sssd[be[KRB]]] [simple_bind_done] (3): Bind result: Success(0), > (null) > (1257770425) [sssd[be[KRB]]] [sdap_get_generic_done] (3): Search result: > Success(0), (null) > (1257770425) [sssd[be[KRB]]] [sdap_get_users_process] (6): Search for users, > returned 9 results. > (1257770425) [sssd[be[KRB]]] [sdap_save_user_send] (6): Storing info for user > brian > (1257770425) [sssd[be[KRB]]] [enum_users_op_done] (4): Users higher > timestamp: [20091024140220Z] > (1257770425) [sssd[be[KRB]]] [sdap_get_generic_done] (3): Search result: > Success(0), (null) > (1257770425) [sssd[be[KRB]]] [sdap_get_groups_process] (6): Search for > groups, returned 19 results. > (1257770425) [sssd[be[KRB]]] [sdap_save_group_send] (6): Storing info for > group dale > (1257770426) [sssd[be[KRB]]] [enum_groups_op_done] (4): Groups higher > timestamp: [20030821212929Z] > (1257770543) [sssd[be[KRB]]] [be_get_account_info] (4): Got request for > [1][core][name=brian] > (1257770543) [sssd[be[KRB]]] [sdap_get_generic_done] (3): Search result: > Success(0), (null) > (1257770543) [sssd[be[KRB]]] [sdap_get_users_process] (6): Search for users, > returned 1 results. > (1257770543) [sssd[be[KRB]]] [sdap_save_user_send] (6): Storing info for user > brian > (1257770543) [sssd[be[KRB]]] [acctinfo_callback] (4): Request processed. > Returned 0,0,Success > (1257770543) [sssd[be[KRB]]] [be_pam_handler] (4): Got request with the > following data > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): command: 241 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): domain: KRB > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): user: brian > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): service: sshd > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): tty: ssh > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): ruser: > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): rhost: pc.interlinx.bc.ca > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): authtok type: 1 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): authtok size: 8 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): newauthtok type: 0 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): newauthtok size: 0 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): priv: 1 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): pw_uid: 1001 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): gr_gid: 1001 > (1257770543) [sssd[be[KRB]]] [pam_print_data] (4): cli_pid: 23775 > (1257770543) [sssd[be[KRB]]] [krb5_child_sig_handler] (4): child status [0]. > (1257770543) [sssd[be[KRB]]] [krb5_child_sig_handler] (1): no child with pid > [23777]. > (1257770543) [sssd[be[KRB]]] [krb5_pam_handler_done] (4): child response > [4][1][43]. > (1257770543) [sssd[be[KRB]]] [be_pam_handler_callback] (4): Backend returned: > (0, 4, <NULL>) [Success] > (1257770543) [sssd[be[KRB]]] [be_pam_handler_callback] (4): Sending result > [4][KRB] > (1257770543) [sssd[be[KRB]]] [be_pam_handler_callback] (4): Sent result > [4][KRB] Hmm, this looks incorrect here. Why are we getting "child status[0]" and then "no child with pid [23777]" Sumit, do you have any ideas here? Brian, can you also attach the [domain/KRB5] section so we can see what your configuration looks like? (feel free to sanitize passwords if you are using them) > > > > > _______________________________________________ > sssd-devel mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/sssd-devel - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkr4EdsACgkQeiVVYja6o6O2bACbB2ZTY0HtvH2928Va1HQ225+q vw4AnjsW2PiDQbwRTk4dvyHrvoZixsq/ =Qp2w -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
