The full log can be found at http://pastebin.com/pk5bD2ks
We can see that the ldap is marked as offline : (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP' (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5 (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error]) (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_mark_offline] (0x2000): Going offline! (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks. Then I see : (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [sdap_pam_auth_handler] (0x0100): Backend is marked offline, retry later! (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Backend returned: (1, 9, <NULL>) [Provider is Offline (Authentication service cannot retrieve authentication info)] (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Sending result [9][default] (Mon Mar 14 15:40:06 2016) [sssd[be[default]]] [be_pam_handler_callback] (0x0100): Sent result [9][default] (Mon Mar 14 15:40:09 2016) [sssd[be[default]]] [sbus_dispatch] (0x4000): dbus conn: 0x1c719d0 (Mon Mar 14 15:40:09 2016) [sssd[be[default]]] [sbus_dispatch] (0x4000): Dispatching. So I was expecting to get an ok from pam, as we use cache_credentials = true As I said, the only thing I did was drop my network paquets sent to port 636 to simulate a dead ldap. It takes also ~36 seconds for the connection to fail because of it > On Mar 14, 2016, at 08:59, Jakub Hrozek <[email protected]> wrote: > > On Mon, Mar 14, 2016 at 08:43:05AM -0400, Cyril Scetbon wrote: >> No pam_ldap was disabled > > Then the logs either don't capture the auth at all (and maybe the > complete logs would help) or you logged in with something like an ssh > pubkey, not password? > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
