Thanks for the response. I was on #sssd and someone said that duplicate usernames like we have is a no go,
so I was planning on just removing local accounts and deal with the fallout. However, I'm happy to look for a different fix.

Geoff.

- We are using the implicit files provider

- The sssd.conf file is

[domain/place.edu]
id_provider = ad
access_provider = ad

ldap_idmap_range_min = 200000
ldap_idmap_range_max = 2000200000
ldap_idmap_range_size = 800000
ldap_pwd_policy = none

sudo_provider = none

debug_level = 8

[sssd]
services = nss, pam
config_file_version = 2
domains = place.edu

[nss]
override_shell=/bin/bash
override_homedir=/home/%u
filter_users = <stuff>
filter_groups = <stuff>

[pam]

- The domain log file is. (There is a failed login attempt in this range of entries, but it doesn't show up anywhere.)

(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x1000): Waiting for child [19947].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x0020): child [19947] failed with status [2].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]: Dynamic DNS update failed
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326eac70.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326eac70
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d8260/0x55a3326ede90 (19), -/W (disabled)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326e8800.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326e8800
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d8de0/0x55a3326d9630 (20), -/W (disabled)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326f3510]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326f3510]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [PAM]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #0]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #0]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [NSS]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #1]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #0]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [NSS]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #1]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #1]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #1]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #1]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #1]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #1]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326fa950.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326fa950
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d00c0/0x55a3326fa5b0 (21), -/W (disabled)
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [SUDO]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #2]: New request. Flags [0000].
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #2]: Request handler finished [0]: Success
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #2]: Receiving request data.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #2]: Finished. Success.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #2]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #2]: Request removed.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0


On Wed, 2018-01-24 at 14:37 +0100, Jakub Hrozek wrote:
On Tue, Jan 23, 2018 at 07:44:04PM -0500, goehle@gmail.com wrote:
Hi, The troubleshooting guide in the docs said to email the list if the System Error (4) shows up, so I figured I bring this issue up. I'm running sssd version 1.16.0 on Debian testing and recently encountered a new behavior. We set up sssd with active directory based authentication on an already established system. For various reasons there are still local passwd users, some of whom also have ad accounts. What used to happen is that the pam/nsswitch stack was set up so that those users would end up with their passwd id. If they had an ad account they could log in with either their shadow password or their ad password. Right after we upgraded from 1.16.0-1 to 1.16.0-2 any local user generated a System Error (4) in the logs and and local users with ad accounts could no longer use their ad passwords (although they could still use their local passwords). There isn't a lot of information in the logs.
Can you also paste your full configuration and the sssd domain log(s) ? Does sssd on Debian use the implicit files provider (ps would show a sssd_be process running with --name implicit_files) _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org