I tried putting debug level 9 pam section of sssd.conf<br>Below is the messages in sssd_pam.log<br><br><br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [server_setup] (3): CONFDB: /var/lib/sss/db/config.ldb<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [confdb_get_domain_internal] (1): No enumeration for [LDAP]!<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_init_connection] (5): Adding connection 1DA9EFF0<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_add_watch] (8): 0x1da9f740/0x1da9ea60 (16), -/W (enabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9eab0 (16), R/- (disabled)<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [monitor_common_send_id] (4): Sending ID: (pam,1)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_add_timeout] (8): 0x1da9faf0<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9eab0 (16), R/- (enabled)<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9ea60 (16), -/W (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_init_connection] (5): Adding connection 1DAA1280<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_add_watch] (8): 0x1daa1b10/0x1daa0440 (17), -/W (enabled)<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0490 (17), R/- (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [dp_common_send_id] (4): Sending ID to DP: (1,PAM)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_add_timeout] (8): 0x1daa1fb0<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0490 (17), R/- (enabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0440 (17), -/W (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sysdb_domain_init_internal] (5): DB File for LDAP: /var/lib/sss/db/cache_LDAP.ldb<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [ldb] (9): trying to load memberof from /usr/lib64/ldb/memberof.so<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [ldb] (6): asq: Unable to register control with rootdse!<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sss_process_init] (1): Responder Initialization complete<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DAA1280<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DAA1280<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0490 (17), R/- (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0440 (17), -/W (enabled)<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0490 (17), R/- (enabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1daa1b10/0x1daa0440 (17), -/W (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_remove_timeout] (8): 0x1daa1fb0<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DAA1280<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [dp_id_callback] (4): Got id ack and version (1) from DP<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9eab0 (16), R/- (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9ea60 (16), -/W (enabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9eab0 (16), R/- (enabled)<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_toggle_watch] (8): 0x1da9f740/0x1da9ea60 (16), -/W (disabled)<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_remove_timeout] (8): 0x1da9faf0<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:03:16 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:16 2011) [sssd[pam]] [id_callback] (4): Got id ack and version (1) from Monitor<br>(Mon Nov 21 18:03:25 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:03:26 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:26 2011) [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping]<br>(Mon Nov 21 18:03:36 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:03:36 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:36 2011) [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping]<br>(Mon Nov 21 18:03:46 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:03:46 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:46 2011) [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping]<br>(Mon Nov 21 18:03:56 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:03:56 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:03:56 2011) [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping]<br>(Mon Nov 21 18:04:05 2011) [sssd[pam]] [sbus_dispatch] (9): dbus conn: 1DA9EFF0<br>
(Mon Nov 21 18:04:06 2011) [sssd[pam]] [sbus_dispatch] (9): Dispatching.<br>(Mon Nov 21 18:04:06 2011) [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping]<br><br>The initial messages are for when i restart the sssd service.I do not see any specific messaages when i try to do authentication.<br>
I&#39;m not sure how to move fwd from here cause till now the settings i have done seems to be correct.<br><br>Would like to thank for the help I&#39;m getting in this forum hope it will help resolving my issue.<br><br><br>
<br>Thanks<br><br><br><div class="gmail_quote">On Mon, Nov 21, 2011 at 6:43 PM, Jakub Hrozek <span dir="ltr">&lt;<a href="mailto:jhrozek@redhat.com">jhrozek@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Mon, Nov 21, 2011 at 05:50:40PM +0530, Nitesh Mehare wrote:<br>
&gt;    Was anybody able to look at the trace...<br>
&gt;<br>
&gt;    Thanks ....<br>
&gt;<br>
<br>
</div>Sorry Nitesh, I forgot to reply.<br>
<br>
The trace clearly shows that pam_sss sends data to and receives data<br>
from the private sssd PAM socket:<br>
<br>
-----<br>
stat(&quot;/var/lib/sss/pipes/private/pam&quot;, {st_mode=S_IFSOCK|0600,<br>
st_size=0, ...}) = 0<br>
socket(PF_FILE, SOCK_STREAM, 0)         = 5<br>
fcntl(5, F_GETFL)                       = 0x2 (flags O_RDWR)<br>
fcntl(5, F_SETFL, O_RDWR|O_NONBLOCK)    = 0<br>
fcntl(5, F_GETFD)                       = 0<br>
fcntl(5, F_SETFD, FD_CLOEXEC)           = 0<br>
connect(5, {sa_family=AF_FILE,<br>
path=&quot;/var/lib/sss/pipes/private/pam&quot;...}, 110) = 0<br>
poll([{fd=5, events=POLLOUT}], 1, 300000) = 1 ([{fd=5,<br>
revents=POLLOUT}])<br>
write(5, &quot;\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0&quot;, 16) = 16<br>
poll([{fd=5, events=POLLOUT}], 1, 300000) = 1 ([{fd=5,<br>
revents=POLLOUT}])<br>
write(5, &quot;\3\0\0\0&quot;, 4)                 = 4<br>
poll([{fd=5, events=POLLIN}], 1, 300000) = 1 ([{fd=5, revents=POLLIN}])<br>
read(5, &quot;\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0&quot;, 16) = 16<br>
poll([{fd=5, events=POLLIN}], 1, 300000) = 1 ([{fd=5, revents=POLLIN}])<br>
read(5, &quot;\3\0\0\0&quot;, 4)                  = 4<br>
getsockopt(5, SOL_SOCKET, SO_PEERCRED, &quot;LY\0\0\0\0\0\0\0\0\0\0&quot;, [12]) =<br>
0<br>
poll([{fd=5, events=POLLOUT}], 1, 300000) = 1 ([{fd=5,<br>
revents=POLLOUT}])<br>
write(5, &quot;]\0\0\0\364\0\0\0\0\0\0\0\0\0\0\0&quot;, 16) = 16<br>
poll([{fd=5, events=POLLOUT}], 1, 300000) = 1 ([{fd=5,<br>
revents=POLLOUT}])<br>
write(5, &quot;IPAM\1\0\0\0\t\0\0\0nitback1\0\2\0\0\0\5\0\0\0su-&quot;..., 77) =<br>
77<br>
poll([{fd=5, events=POLLIN}], 1, 300000) = 1 ([{fd=5, revents=POLLIN}])<br>
read(5, &quot;%\0\0\0\364\0\0\0\0\0\0\0\0\0\0\0&quot;, 16) = 16<br>
poll([{fd=5, events=POLLIN}], 1, 300000) = 1 ([{fd=5, revents=POLLIN}])<br>
read(5, &quot;\0\0\0\0\1\0\0\0\2\0\0\0\5\0\0\0LDAP\0&quot;, 21) = 21<br>
----<br>
<br>
I&#39;m not sure why pam_sss wouldn&#39;t show in the secure logs...<br>
<br>
Does SSSD print anything /var/log/sssd/sssd_pam.log when you put<br>
&#39;debug_level = 9&#39; into the [pam] section of the SSSD config?<br>
<div class="im"><br>
<br>
&gt;        Tha above trace I have take with selinux is disabled.The setting of<br>
&gt;        selinux is as follows<br>
&gt;<br>
&gt;        bash-3.2# cat /etc/selinux/config<br>
&gt;        # This file controls the state of SELinux on the system.<br>
&gt;        # SELINUX= can take one of these three values:<br>
</div>&gt;        #A A A A A A  enforcing - SELinux security policy is enforced.<br>
&gt;        #A A A A A A  permissive - SELinux prints warnings instead of<br>
&gt;        enforcing.<br>
&gt;        #A A A A A A  disabled - SELinux is fully disabled.<br>
<div class="im">&gt;        SELINUX=disabled<br>
&gt;        # SELINUXTYPE= type of policy in use. Possible values are:<br>
</div>&gt;        #A A A A A A  targeted - Only targeted network daemons are protected.<br>
&gt;        #A A A A A A  strict - Full SELinux protection.<br>
<div class="im">&gt;        SELINUXTYPE=targeted<br>
&gt;        bash-3.2#<br>
&gt;<br>
&gt;        I&#39;m not sure how to check for AVC denials when selinux is set to<br>
&gt;        enforcing.Could you tell me how to do that.<br>
&gt;<br>
&gt;        Thanks...<br>
&gt;<br>
<br>
</div>When SELinux is disabled, it can&#39;t generate any AVC denial messages nor<br>
it can block access to the pipes (which was my concern).<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
sssd-devel mailing list<br>
<a href="mailto:sssd-devel@lists.fedorahosted.org">sssd-devel@lists.fedorahosted.org</a><br>
<a href="https://fedorahosted.org/mailman/listinfo/sssd-devel" target="_blank">https://fedorahosted.org/mailman/listinfo/sssd-devel</a><br>
</div></div></blockquote></div><br>