On Thu, Mar 17, 2016 at 02:29:33PM -0400, Cyril Scetbon wrote: > Hey Jakub, > > So I think I've provided you all the log files I could. The last version > (first a connection with the reachable ldap, and then without) can be found > at : http://pastebin.com/B3JnMr65 > > The other logs are empty :
Because you didn't enable debugging in those respective sections, only in [domain]. We don't log anything except fatal failures by default.. > > # ls -lrt /var/log/sssd/ > total 304 > -rw------- 1 root root 0 Mar 17 19:16 sssd_pam.log > -rw------- 1 root root 0 Mar 17 19:16 sssd_nss.log > -rw------- 1 root root 0 Mar 17 19:16 sssd_autofs.log > -rw------- 1 root root 0 Mar 17 19:16 sssd.log > -rw------- 1 root root 0 Mar 17 19:16 ldap_child.log > -rw------- 1 root root 306912 Mar 17 19:17 sssd_default.log > > However I found other logs : > > Mar 17 19:22:26 cscetbon-vdi mysqld: pam_sss(serverdb:auth): authentication > success; logname= uid=64259 euid=64259 tty= ruser= rhost= user=myuser <==== > ldap accessible > > Mar 17 19:22:49 cscetbon-vdi mysqld: pam_sss(serverdb:auth): authentication > success; logname= uid=64259 euid=64259 tty= ruser= rhost= user= myuser <== no > ldap > Mar 17 19:22:54 cscetbon-vdi mysqld: nss_ldap: could not search LDAP server - > Server is unavailable > Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: could not connect to any > LDAP server as uid=pamldap,ou=Auth,dc=fti,dc=net - Can't contact LDAP server > Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: failed to bind to LDAP > server ldaps://ldap.multis/: Can't contact LDAP server > Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: could not search LDAP > server - Server is unavailable > Mar 17 19:22:55 cscetbon-vdi unix_chkpwd[3173]: could not obtain user info > (myuser) > Mar 17 19:25:01 cscetbon-vdi CRON[3652]: pam_unix(cron:session): session > opened for user root by (uid=0) > Mar 17 19:25:01 cscetbon-vdi CRON[3652]: pam_unix(cron:session): session > closed for user root > > I'm wondering if another pam file is not included even if I thought it's not > because of this unix_chkpwd issue Yes, I would have also expected pam_sss to show up here because the domain log files you showed earlier included a PAM_* action, which must have been triggered by something.. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
