We have many workstation with fedora 27 and freeipa, and every 10-18 days one of user can't log in. I do not understand why this happens. Reinstalling free-ipa, cleaning /var/lib/sssd folder does not help, only totally reinstall with / wipe (user /home does not change) solve this problem.
Some logs with debug 9 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [cache_req_search_send] (0x0400): CR #2: Returning [te...@example.com] from cache (Tue Feb 6 13:13:43 2018) [sssd[pam]] [cache_req_search_ncache_filter] (0x0400): CR #2: This request type does not support filtering result by negative cache (Tue Feb 6 13:13:43 2018) [sssd[pam]] [cache_req_create_and_add_result] (0x0400): CR #2: Found 2 entries in domain example.com (Tue Feb 6 13:13:43 2018) [sssd[pam]] [cache_req_done] (0x0400): CR #2: Finished: Success (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is te...@example.com (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test1] added to PAM initgroup cache (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): domain: example.com (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): user: te...@example.com (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): service: login (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): tty: tty4 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 3012 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_print_data] (0x0100): logon name: test1 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x55f5f30fb5d0 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x55f5f30fb5d0 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x55f5f30e7620 (Tue Feb 6 13:13:43 2018) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Tue Feb 6 13:13:43 2018) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][example.com] (Tue Feb 6 13:13:43 2018) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x55f5f30fde90 pam system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet auth [default=1 ignore=ignore success=ok] pam_localuser.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_sss.so forward_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so umask=0077 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org