On Thu, Jun 15, 2017 at 04:28:13AM -0000, john.bowman--- via FreeIPA-users wrote:
After upping the log levels on sssd on one of the failing servers I
saw this in one of the sssd log files:
from sssd_pamd.log:
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative
cache for [NCE/USER/domain.tld/jbowman]
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x41b5c0:3:jbowman@domain.tld]
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating
request for [domain.tld][3][1][name=jbowman]
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x20ef8a0
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x41b5c0:3:jbowman@domain.tld]
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x20ef8a0
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data
Provider - DP error code: 3 errno: 22 error message: Init Groups Failed
(Wed Jun 14 23:16:05 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to
get information from Data Provider
Error: 3, 22, Init Groups Failed
from sssd_domain.tld.log
(Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [hbac_eval_user_element] (0x0080):
Parse error on [cn=system: manage service
principals+nsuniqueid=e8d2f834-512111e7-9205b5bf-43202000,cn=permissions,cn=pbac,dc=domain,dc=tld]
Yes, only recent vresions of sssd can skip over the replication
conflicts. I would recommend to clear the conflicts manually.
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [hbac_ctx_to_rules] (0x0020): Could
not construct eval request
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [ipa_hbac_evaluate_rules] (0x0020):
Could not construct HBAC rules
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_id_op_destroy] (0x4000):
releasing operation connection
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [be_pam_handler_callback] (0x0100):
Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [be_pam_handler_callback] (0x0100):
Sending result [4][domain.tld]
> (Wed Jun 14 22:55:37 2017) [sssd[be[domainn.tld]]] [be_pam_handler_callback]
(0x0100): Sent result [4][domain.tld]
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_process_result] (0x2000):
Trace: sh[0x7ea6b0], connected[1], ops[(nil)], ldap[0x844de0]
> (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_process_result] (0x2000):
Trace: ldap_result found nothing!
> (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_dispatch] (0x4000): dbus
conn: 7B2A00
> (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_dispatch] (0x4000):
Dispatching.
> (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_message_handler] (0x4000):
Received SBUS method [ping]
>
> I saw a similar issue in a previous posting to the list:
>
https://www.redhat.com/archives/freeipa-users/2017-January/msg00286.html
>
> I was wondering if these errors might be related to the issues I'm seeing
currently since they seem very similar so far...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org