Thanks for the response. I was on #sssd and someone said that duplicate
usernames like we have is a no go, so I was planning on just removing local
accounts and deal with the fallout. However, I'm
happy to look for a different fix.
Geoff.
- We are using the implicit files provider
- The sssd.conf file is
[domain/place.edu]id_provider = adaccess_provider = ad
ldap_idmap_range_min = 200000ldap_idmap_range_max =
2000200000ldap_idmap_range_size = 800000ldap_pwd_policy = none
sudo_provider = none
debug_level = 8
[sssd]services = nss, pamconfig_file_version = 2domains = place.edu
[nss]override_shell=/bin/bashoverride_homedir=/home/%ufilter_users =
<stuff>filter_groups = <stuff>
[pam]
- The domain log file is. (There is a failed login attempt in this range of
entries, but it doesn't show up anywhere.)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x1000):
Waiting for child [19947].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[child_sig_handler] (0x0020): child [19947]
failed with status [2].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status
[512](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]:
Dynamic DNS update failed(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200):
Entering.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x55a3326eac70.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_init_connection] (0x0400): Adding connection 0x55a3326eac70(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000):
0x55a3326d8260/0x55a3326ede90 (19), -/W (disabled)(Wed Jan
24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection]
(0x0200): Got a connection(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_client_init] (0x0100): Set-up Backend ID
timeout [0x55a3326e7070](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object
path /org/freedesktop/sssd/dataprovider with D-Bus
connection(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Backend with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection]
(0x0200): Adding connection
0x55a3326e8800.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_init_connection] (0x0400): Adding connection 0x55a3326e8800(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch]
(0x2000): 0x55a3326d8de0/0x55a3326d9630 (20), -/W (disabled)(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection]
(0x0200): Got a connection(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout
[0x55a3326f3510](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object
path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.DBus.Properties
with path /org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Backend with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message,
quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326f3510](Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added
Frontend client [PAM](Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message,
quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400):
DP Request [Subdomains #0]: New request.
Flags [0000].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req]
(0x0400): Number of active DP request: 1(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [ad_subdomains_handler_send]
(0x0400): Subdomains were recently refreshed, nothing to do(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]:
Request handler finished [0]:
Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv]
(0x0400): DP Request [Subdomains #0]: Receiving request data.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished.
Success.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std]
(0x1000): DP Request [Subdomains #0]: Returning
[Success]: 0,0,Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply
table(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400):
Number of active DP request: 0(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_client_register] (0x0100): Cancel DP ID timeout
[0x55a3326e7070](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_client_register] (0x0100): Added Frontend client [NSS](Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on
path /org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #1]: New
request. Flags [0000].(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request:
1(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send]
(0x0400): Subdomains were recently
refreshed, nothing to do(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler finished
[0]: Success(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]:
Receiving request data.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_reply_list_success] (0x0400): DP Request
[Subdomains #0]: Finished. Success.(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #0]:
Returning [Success]: 0,0,Success(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing
[8:8:0000:<ALL>] from reply table(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request
[Subdomains #0]: Request removed.(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP
request: 0(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP
ID timeout [0x55a3326e7070](Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend
client [NSS](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message,
quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400):
DP Request [Subdomains #1]: New request. Flags [0000].(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_attach_req]
(0x0400): Number of active DP request: 1(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were
recently refreshed, nothing to do(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #1]:
Request handler finished [0]: Success(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP
Request [Subdomains #1]: Receiving request data.(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request
[Subdomains #1]: Finished. Success.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request
[Subdomains #1]: Returning [Success]: 0,0,Success(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]]
[dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply
table(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor]
(0x0400): DP Request [Subdomains #1]: Request
removed.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor]
(0x0400): Number of active DP request: 0(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_server_init_new_connection]
(0x0200): Entering.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x55a3326fa950.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_init_connection] (0x0400): Adding connection 0x55a3326fa950(Wed Jan 24
08:53:44 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000):
0x55a3326d00c0/0x55a3326fa5b0 (21), -/W (disabled)(Wed Jan
24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection]
(0x0200): Got a connection(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_client_init] (0x0100): Set-up Backend ID
timeout [0x55a3326e7070](Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object
path /org/freedesktop/sssd/dataprovider with D-Bus
connection(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44
2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Backend with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message,
quit(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register]
(0x0100): Cancel DP ID timeout
[0x55a3326e7070](Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_client_register] (0x0100): Added Frontend client [SUDO](Wed Jan 24 08:53:44
2018) [sssd[be[place.edu]]] [sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on
path /org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #2]: New
request. Flags [0000].(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request:
1(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send]
(0x0400): Subdomains were recently
refreshed, nothing to do(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_req_done] (0x0400): DP Request [Subdomains #2]: Request handler finished
[0]: Success(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #2]:
Receiving request data.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_req_reply_list_success] (0x0400): DP Request
[Subdomains #2]: Finished. Success.(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #2]:
Returning [Success]: 0,0,Success(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing
[8:8:0000:<ALL>] from reply table(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request
[Subdomains #2]: Request removed.(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP
request: 0
On Wed, 2018-01-24 at 14:37 +0100, Jakub Hrozek wrote:
> On Tue, Jan 23, 2018 at 07:44:04PM -0500, [email protected] wrote:
> > Hi,
> >
> > The troubleshooting guide in the docs said to email the list if the System
> > Error (4) shows up, so I figured I bring this issue up. I'm running sssd
> > version 1.16.0 on Debian testing and recently encountered a new behavior.
> > We set up sssd with active directory based authentication on an already
> > established system. For various reasons there are still local passwd
> > users, some of whom also have ad accounts. What used to happen is that the
> > pam/nsswitch stack was set up so that those users would end up with their
> > passwd id. If they had an ad account they could log in with either their
> > shadow password or their ad password. Right after we upgraded from
> > 1.16.0-1 to 1.16.0-2 any local user generated a System Error (4) in the
> > logs and and local users with ad accounts could no longer use their ad
> > passwords (although they could still use their local passwords). There
> > isn't a lot of information in the logs.
>
> Can you also paste your full configuration and the sssd domain log(s) ?
>
> Does sssd on Debian use the implicit files provider (ps would show a
> sssd_be process running with --name implicit_files)
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
