> Lukas Slebodnik <lslebodn@redhat.com> wrote on 14 November 2016 at 17:18:
>
>
> On (14/11/16 17:09), Ronny Forberger wrote:
> >> Lukas Slebodnik <lslebodn@redhat.com> wrote on 14 November 2016 at 11:36:
> >>
> >>
> >> On (14/11/16 11:34), Ronny Forberger wrote:
> >> >> Lukas Slebodnik <lslebodn@redhat.com> wrote on 14 November 2016 at 10:04:
> >> >>
> >> >>
> >> >> On (13/11/16 16:03), ronnyforberger@ronnyforberger.de wrote:
> >> >> >I found out that /var/run/sss needed mode 0755.
> >> >> >
> >> >> >But I still cannot use passwords.
> >> >> >My /etc/pam.d/system looks like the following:
> >> >> >
> >> >> What do you mean by cannot use password?
> >> >> How do you authenticate ssh (or login on tty)?
> >> >> Are you able to resolve user with "getent passwd" or "id"?
> >> >I cannot log in using password or use sudo using password. Neither by ssh nor
> >> >login on tty.
> >> >
> >> >I can see the users through getent passwd and id.
> >> >
> >> >The debug log of pam_sssd.so says:
> >> >
> >> >
> >> >Nov 13 17:31:59 macy sudo: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
> >> >pam_sm_authenticate(): authentication error
> >> >Nov 13 17:32:01 macy su: in openpam_dispatch(): calling pam_sm_setcred() in
> >> >/usr/local/lib/pam_sss.so
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_SERVICE
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_USER
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_TTY
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RUSER
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_RHOST
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_AUTHTOK
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): entering: PAM_OLDAUTHTOK
> >> >Nov 13 17:32:01 macy su: in pam_get_item(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in pam_set_data(): entering: 'pam_sss:fd_destructor'
> >> >Nov 13 17:32:01 macy su: in pam_set_data(): returning PAM_SUCCESS
> >> >Nov 13 17:32:01 macy su: in openpam_dispatch(): /usr/local/lib/pam_sss.so:
> >> >pam_sm_setcred(): success
> >> >
> >> Those messages are from syslog.
> >> You need to find a problem in sssd logs.
> >> https://fedorahosted.org/sssd/wiki/Troubleshooting
> >Ok, here is the PAM log from sssd:
> >
> >(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering
> >pam_cmd_acct_mgmt
> >(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
> >PAM_ACCT_MGMT
> >(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not
> >set
> There are just log messages from debug_level 0x0100.
>
> I assume you set "debug_level = 0x0100" into pam section.
> But 0x0100 is a bitmask style and does not contain debug
> messages with lower debug level.
>
> Could you set "debug_level = 0x03f0" or non-bitmask version
> "debug_level = 7"?
>
> Please attach log sssd_pam.log and sssd_$domain.log files
> as attachments to the mail.
Here is the log file.
 
Best regards,
Ronny
>
> LS
>
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
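
Added example, not part of the thread and not SSSD's own code: a small parser for the debug log format quoted above, showing which messages survive a single-bit mask such as 0x0100 compared with 0x03f0. It assumes a message is written only when its level bit is set in the configured mask, as the reply describes. Apart from the first sample line, the log lines and their function names are constructed.

```python
import re

# SSSD debug log line: "(timestamp) [process] [function] (0xLEVEL): message"
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]*)\)\s+\[(?P<proc>.+?)\]\s+\[(?P<func>[^\]]+)\]\s+"
    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$"
)

# First line is taken from the thread (re-joined); the rest are constructed
# samples with hypothetical function names, one per severity bit.
SAMPLE_LOG = """\
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [example_reply] (0x0020): constructed: critical failure
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [example_reply] (0x0040): constructed: operation failed
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [example_lookup] (0x0200): constructed: function data
(Mon Nov 14 17:06:41 2016) [sssd[pam]] [example_lookup] (0x0400): constructed: trace message
not a debug line
"""


def parse(text):
    """Return (level, function, message) for every well-formed debug line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip wrapped fragments and foreign lines
            records.append((int(m["level"], 16), m["func"], m["msg"]))
    return records


def emitted(records, mask):
    """Assumption: a message is written only if its level bit is set in mask."""
    return [r for r in records if r[0] & mask]


def levels_in(records):
    """Distinct level bits present; a single value hints at a one-bit mask."""
    return sorted({level for level, _, _ in records})


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for mask in (0x0100, 0x03F0):
        kept = emitted(recs, mask)
        print(f"debug_level = {mask:#06x}: {len(kept)} of {len(recs)} messages")
        for level, func, msg in kept:
            print(f"  ({level:#06x}) [{func}] {msg}")
```

Running `levels_in()` over a real sssd_pam.log is a quick check that the log was captured with a mask wide enough to include the failure messages before attaching it.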