On (21/11/16 09:01), Longina Przybyszewska wrote:
>Thank you for the response.
>The problems with login started after upgrades - this is Ubuntu Xenial.
>In the meantime I debugged PAM.
>I will look now in domain log
>
>I attach sssd.conf and the sequence for 'longina' login from sssd-pam.log
>Could it be that the problem is generated by lightdm / PAM?
>It seems that there is something wrong in the very last step of the login
>sequence.
>
>cat common-session |grep -v ^#
>
>session [default=1] pam_permit.so
>session requisite pam_deny.so
>session required pam_permit.so
>session optional pam_umask.so
>session required pam_unix.so
>session optional pam_sss.so
>session optional pam_mount.so
>session optional pam_systemd.so
>
>
>cat lightdm |grep -v ^#
>
>auth requisite pam_nologin.so
>auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
>@include common-auth
>auth optional pam_gnome_keyring.so
>auth optional pam_kwallet.so
>auth optional pam_kwallet5.so
>@include common-account
>session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
>session required pam_limits.so
>@include common-session
>session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
>session optional pam_gnome_keyring.so auto_start
>session optional pam_kwallet.so auto_start
>session optional pam_kwallet5.so auto_start
>session required pam_env.so readenv=1
>session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
>@include common-password
>
>Best,
>Longina
>
>> -----Original message-----
>> From: Jakub Hrozek [mailto:jhro...@redhat.com]
>> Sent: 17 November 2016 09:25
>> To: sssd-users@lists.fedorahosted.org
>> Subject: [SSSD-users] Re: sssd-13.4 can't login
>>
>> On Wed, Nov 09, 2016 at 02:45:56PM +0000, Longina Przybyszewska wrote:
>> > Hi again,
>> > I still hang on that problem.
>> > Client and server are configured in AD trust realm environment.
>> > Client and server are joined to a.c.domain;
>> > User is from n.c.domain.
>> >
>> > During login sequence NFS-share (sec=krb5) homedir is mounted with right nfsidmapping.
>> > User can't login because of access denied to the homedir.
>> >
>> > If I change mount parameter to sec=sys, user can successfully login.
>> >
>> > Machine's and user's credentials *are* valid;
>> >
>> > ==
>> > Ticket cache: FILE:/tmp/krb5cc_332405654_B4r6Sy
>> > Default principal: longina@N.C.DOMAIN
>> >
>> > Valid starting Expires Service principal
>> > 11/09/2016 15:00:43 11/10/2016 01:00:43 krbtgt/N.C.DOMAIN@N.C.DOMAIN
>> > renew until 11/10/2016 01:00:43
>> > 11/09/2016 15:00:45 11/10/2016 01:00:43 krbtgt/C.SDU.DK@N.C.DOMAIN
>> > renew until 11/10/2016 01:00:43
>> > 11/09/2016 15:00:45 11/10/2016 01:00:43 nfs/adm-lptest.a.c.domain@
>> > renew until 11/10/2016 01:00:43
>> > 11/09/2016 15:00:45 11/10/2016 01:00:43 nfs/adm-lptest.a.c.domain@A.C.DOMAIN
>> > renew until 11/10/2016 01:00:43
>> > ==
>> > Kerberos sequence for login ends with (krb5_child.log):
>> >
>> > ==[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal longina@N.C.DOMAIN in cache collection]=
>>
>> You can ignore this, since you are using the FILE: ccache which
>> doesn't support collections, this error is harmless.
>>
>> It looks like the krb5_child itself finished fine, according to:
>> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [k5c_send_data] (0x0200): Received error code 0
>> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [pack_response_packet] (0x2000): response packet size: [142]
>> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [k5c_send_data] (0x4000): Response sent.
>> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [main] (0x0400): krb5_child completed successfully
>>
>> So I would suggest to look into the domain logs as well. Chances are
>> some other part (maybe the access control later?) is failing.
>> _______________________________________________
>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina@n.c.domain' matched expression for domain 'n.c.domain', user is longina
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/n.c.domain/longina]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [longina@n.c.domain] not found in PAM cache.
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [n.c.domain][0x3][BE_REQ_INITGROUPS][1][name=longina]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcbd80
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcbd80
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@n.c.domain]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1fd4570
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1fd4630
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd4570 "ltdb_callback"
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd4630 "ltdb_timeout"
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd4570 "ltdb_callback"
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [longina@n.c.domain]
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is longina@n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [longina@n.c.domain] added to PAM initgroup cache
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina@n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd6d0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd6d0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][n.c.domain]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina@n.c.domain' matched expression for domain 'n.c.domain', user is longina
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/n.c.domain/longina]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [longina@n.c.domain] found in PAM cache.
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@n.c.domain]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1fd07d0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1fd0890
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd07d0 "ltdb_callback"
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd0890 "ltdb_timeout"
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd07d0 "ltdb_callback"
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [longina@n.c.domain]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is longina@n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina@n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd640
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd640
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][n.c.domain]
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
>(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:10 2016) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [longina@n.c.domain] removed from PAM initgroup cache
>(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
>(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
>(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
>(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
>(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
>(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina@n.c.domain' matched expression for domain 'n.c.domain', user is longina
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/n.c.domain/longina]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [longina@n.c.domain] not found in PAM cache.
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [n.c.domain][0x3][BE_REQ_INITGROUPS][1][name=longina]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd6d0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd6d0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1fd07d0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1fd0890
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd07d0 "ltdb_callback"
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd0890 "ltdb_timeout"
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd07d0 "ltdb_callback"
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [longina@n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is longina@n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [longina@n.c.domain] added to PAM initgroup cache
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina@n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcbd80
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:longina@n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcbd80
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][n.c.domain]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
>(Thu Nov 17 11:30:53 2016) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:58 2016) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [longina@n.c.domain] removed from PAM initgroup cache
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[1717].
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'alongina' matched without domain, user is alongina
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): user: alongina
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1717
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: alongina
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module.
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 8

Is it a typo? Because the user "alongina" was not recognized as an sssd user.
Therefore there is a PAM error "User not known to the underlying authentication module".
A different user was used in previous PAM actions: "longina@n.c.domain".

>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
>(Thu Nov 17 11:30:59 2016) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x1fd3fc0][19]
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[6669].
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1fd3fc0][19]
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'lightdm' matched without domain, user is lightdm
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): user: lightdm
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm-greeter
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6669
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: lightdm
>(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module.

I think it is expected that user lightdm is not handled by sssd.
So I am not sure whether it could cause a problem.
The only problem could be caused by GPO, and that service "lightdm-greeter"
is not allowed by default.

LS
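
The per-request reading of sssd-pam.log done by hand in the reply above (which PAM command, for which logon name and service, returned which result) can be scripted. This is an added example, not part of the original messages and not SSSD code; `summarize` and `failures` are hypothetical helper names, and the sample lines are constructed from the excerpt in this thread, abridged and unwrapped to one entry per line.

```python
import re
from dataclasses import dataclass, field

# One entry per line, as in the log file itself (not mail-wrapped):
# (timestamp) [sssd[pam]] [function] (0xLEVEL): message
ENTRY = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[pam\]\] \[(?P<func>\w+)\] "
                   r"\(0x[0-9a-f]+\): (?P<msg>.*)$")
FIELD = re.compile(r"^([a-z_ ]+): (.*)$")   # pam_print_data "key: value"
RESULT = re.compile(r"^pam_reply called with result \[(\d+)\]: (.*)$")

# Constructed sample: three requests abridged from the log quoted in the thread.
SAMPLE_LOG = """\
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina@n.c.domain' matched expression for domain 'n.c.domain', user is longina
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: longina@n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'alongina' matched without domain, user is alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module.
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'lightdm' matched without domain, user is lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm-greeter
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module.
"""


@dataclass
class PamRequest:
    started: str
    qualified: bool = False   # name matched a configured domain expression
    fields: dict = field(default_factory=dict)
    code: int = -1
    text: str = ""


def summarize(log_text):
    """Group entries into requests: 'entering pam_cmd_*' up to 'pam_reply called'.

    Assumes requests are not interleaved, which holds for the excerpt in the
    thread but not necessarily on a busy multi-user host.
    """
    done, cur = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        func, msg = m["func"], m["msg"]
        if func.startswith("pam_cmd_") and msg.startswith("entering"):
            cur = PamRequest(started=m["ts"])
        elif cur is None:
            continue                      # e.g. the trailing "blen" entry
        elif func == "sss_parse_name_for_domains":
            cur.qualified = "matched expression for domain" in msg
        elif func == "pam_print_data" and (f := FIELD.match(msg)):
            cur.fields[f[1]] = f[2]       # later block overrides the earlier one
        elif func == "pam_reply" and (r := RESULT.match(msg)):
            cur.code, cur.text = int(r[1]), r[2]
            done.append(cur)
            cur = None
    return done


def failures(requests):
    """Requests the PAM responder answered with a non-zero PAM result."""
    return [(r.started, r.fields.get("command"), r.fields.get("service"),
             r.fields.get("logon name"), r.code) for r in requests if r.code]


if __name__ == "__main__":
    for row in failures(summarize(SAMPLE_LOG)):
        print(row)
```

On a real log, entries at debug levels that omit `pam_print_data` leave the command, service and logon name empty, so the responder needs a debug_level high enough to log them.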