On (17/08/17 12:38), Louis Garcia wrote:
>Sorry to mail you directly but I think the sssd user mailing list is not
>accepting my emails. I replied twice to this thread yesterday and both
>bounced.
>
I have no idea why you have problems sending mail there.

>These are the logs you wanted. Let me know how you want to proceed.
>
>#cat /etc/sssd/sssd.conf
>[sssd]
>domains = files
>services = nss, pam
>
>[pam]
>debug_level = 9
>
>[domain/files]
>id_provider = files
>auth_provider = krb5
>debug_level = 9
>
>krb5_server = panther.montclaire.local
>krb5_realm = MONTCLAIRE.LOCAL
>
You might also set
krb5_store_password_if_offline = True
cache_credentials = True

So the hash of the password will be cached and you would be able to
authenticate offline. And the first option is for "automatic kinit" when you
move from offline to online mode. But both options are unrelated.

>#pgrep -af sssd
>667 /usr/sbin/sssd -i -f
>681 /usr/libexec/sssd/sssd_be --domain files --uid 0 --gid 0
>--debug-to-files
>722 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
>723 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files

That output is expected.

Unfortunately, I cannot see any attempt for authentication in the log files.

sh$ zgrep -E "dp_pam|command:" sssd_files.log.v2.gz
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Close Session]: Sending result [0][files]
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Close Session]: Sending result [0][files]
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session]: Sending result [0][files]
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session]: Sending result [0][files]
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session]: Sending result [0][files]
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [dp_pam_handler] (0x0100): Got request with the following data
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Wed Aug 16 20:26:39 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session]: Sending result [0][files]

How do you test? ssh/su/tty?
Are /etc/pam.d/system-auth and /etc/pam.d/password-auth the same?

I expected the related part of the journal which would match ssh or su
(pam related parts), because we have sssd logs for sssd troubleshooting :-)

Adding sssd-users back to CC.

LS
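
The check done by eye on the zgrep output above, as an added example that is not part of the original message and is not SSSD code: it counts which PAM commands reached the backend, pairs each with its result, and reports whether any SSS_PAM_AUTHENTICATE request was logged. The function names are hypothetical, the sample lines are copied from the output in the message, and requests are assumed not to interleave.

```python
import re
from collections import Counter

# Layout of an SSSD debug line: (timestamp) [process] [function] (level): message
LINE_RE = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
                     r"\((?P<lvl>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
CMD_RE = re.compile(r"command: (SSS_PAM_\w+)")
REPLY_RE = re.compile(r"DP Request \[(?P<req>[^\]]+)\]: Sending result "
                      r"\[(?P<status>\d+)\]\[(?P<domain>[^\]]+)\]")

# Constructed sample: four lines copied from the zgrep output in the message.
SAMPLE = """\
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION
(Wed Aug 16 20:25:36 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Close Session]: Sending result [0][files]
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Wed Aug 16 20:26:09 2017) [sssd[be[files]]] [dp_pam_reply] (0x1000): DP Request [PAM Open Session]: Sending result [0][files]
""".splitlines()


def summarize_pam(lines):
    """Count PAM commands seen by the backend and pair each with its reply.

    Assumption: requests do not interleave, so a reply belongs to the most
    recent 'command:' line.
    """
    commands, replies, pending = Counter(), [], None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an SSSD debug line (shell prompt, blank line, ...)
        if m["func"] == "pam_print_data" and (c := CMD_RE.match(m["msg"])):
            pending = c[1]
            commands[pending] += 1
        elif m["func"] == "dp_pam_reply" and (r := REPLY_RE.search(m["msg"])):
            replies.append((pending, int(r["status"]), r["domain"]))
            pending = None
    return commands, replies


def auth_reached_backend(commands):
    """True only if at least one SSS_PAM_AUTHENTICATE request was logged."""
    return commands["SSS_PAM_AUTHENTICATE"] > 0


if __name__ == "__main__":
    cmds, replies = summarize_pam(SAMPLE)
    for name, count in sorted(cmds.items()):
        print(f"{name}: {count}")
    print("non-zero results:", [r for r in replies if r[1]] or "none")
    print("authentication request seen:", auth_reached_backend(cmds))
```

On the sample it reports only session commands with result 0 and no authentication request, which matches what the reply observes before asking how the login was tested.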
