Thanks for the response. I was on #sssd and someone said that duplicate usernames like we have is a no go,
so I was planning on just removing local accounts and deal with the fallout. However, I'm happy to look for a different fix.
Geoff.
- We are using the implicit files provider
- The sssd.conf file is
[domain/place.edu]
id_provider = ad
access_provider = ad
ldap_idmap_range_min = 200000
ldap_idmap_range_max = 2000200000
ldap_idmap_range_size = 800000
ldap_pwd_policy = none
sudo_provider = none
debug_level = 8
[sssd]
services = nss, pam
config_file_version = 2
domains = place.edu
[nss]
override_shell=/bin/bash
override_homedir=/home/%u
filter_users = <stuff>
filter_groups = <stuff>
[pam]
- The domain log file is. (There is a failed login attempt in this range of entries, but it doesn't show up anywhere.)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x1000): Waiting for child [19947].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x0020): child [19947] failed with status [2].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]: Dynamic DNS update failed
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326eac70.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326eac70
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d8260/0x55a3326ede90 (19), -/W (disabled)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326e8800.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326e8800
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d8de0/0x55a3326d9630 (20), -/W (disabled)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326f3510]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326f3510]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [PAM]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #0]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #0]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [NSS]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #1]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #0]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [NSS]
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #1]: New request. Flags [0000].
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #1]: Request handler finished [0]: Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #1]: Receiving request data.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #1]: Finished. Success.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #1]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #1]: Request removed.
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326fa950.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_init_connection] (0x0400): Adding connection 0x55a3326fa950
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d00c0/0x55a3326fa5b0 (21), -/W (disabled)
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with D-Bus connection
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.dataprovider with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.DataProvider.Failover with path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.DataProvider.Client.Register on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326e7070]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [SUDO]
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path /org/freedesktop/sssd/dataprovider
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request [Subdomains #2]: New request. Flags [0000].
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to do
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #2]: Request handler finished [0]: Success
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #2]: Receiving request data.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #2]: Finished. Success.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains #2]: Returning [Success]: 0,0,Success
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request [Subdomains #2]: Request removed.
(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 0
On Wed, 2018-01-24 at 14:37 +0100, Jakub Hrozek wrote:
On Tue, Jan 23, 2018 at 07:44:04PM -0500, goehle@gmail.com wrote:
Hi,
The troubleshooting guide in the docs said to email the list if the System
Error (4) shows up, so I figured I bring this issue up. I'm running sssd
version 1.16.0 on Debian testing and recently encountered a new behavior.
We set up sssd with active directory based authentication on an already
established system. For various reasons there are still local passwd
users, some of whom also have ad accounts. What used to happen is that the
pam/nsswitch stack was set up so that those users would end up with their
passwd id. If they had an ad account they could log in with either their
shadow password or their ad password. Right after we upgraded from
1.16.0-1 to 1.16.0-2 any local user generated a System Error (4) in the
logs and and local users with ad accounts could no longer use their ad
passwords (although they could still use their local passwords). There
isn't a lot of information in the logs.
Can you also paste your full configuration and the sssd domain log(s) ?
Does sssd on Debian use the implicit files provider (ps would show a
sssd_be process running with --name implicit_files)
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org