On 3 April 2018 at 20:15, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
> On 3 Apr 2018, at 02:24, Lachlan Musicman <datakid(a)gmail.com> wrote:
>
> On 3 April 2018 at 08:23, Lachlan Musicman <datakid(a)gmail.com> wrote:
> On 29 March 2018 at 20:23, Valentin Fischer <valentin(a)servergeek.at> wrote:
> Permission issue.
>
> Reinstall sssd-common
>
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/message/IMP4NFXOW6RPKB2GIU4WXKLY54CTJG6A/
>
>
> fails with the same errors as reported initially. So running manually in interactive mode works, but starting via systemctl doesn’t

One difference I can think of between running the daemon in the foreground
versus running as a service is SELinux context. Did you check if maybe
there are some AVC denials if you run sssd as a service?

I'll check the denials - I'm not fully up to speed on AVC denials and
SELinux, but some googling suggested this command
# ausearch -m avc -c sssd
<no matches>
Here's the sssd config
[domain/unixdev.mycompany.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = unixdev.mycompany.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = vmts-linuxclient1.unixdev.mycompany.com
chpass_provider = ipa
ipa_server = _srv_, vmdv-linuxidm1.unixdev.mycompany.com
ldap_tls_cacert = /etc/ipa/ca.crt
selinux_provider = none
krb5_auth_timeout = 15
debug_level = 7
[domain/unixdev.mycompany.com/mycompany.com]
use_fully_qualified_names = False
[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = unixdev.mycompany.com
debug_level = 7
domain_resolution_order = unix.mycompany.com,mycompany.com
full_name_format = %1$s
[nss]
homedir_substring = /home
memcache_timeout = 800
debug_level = 7
enum_cache_timeout = 240
entry_cache_nowait_percentage = 75
[pam]
pam_id_timeout = 15
debug_level = 7
[ssh]
debug_level = 7
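
Added example, not part of the original message or of SSSD: `ausearch -c` compares against a single comm name, while SSSD's back end and responders run under their own process names (sssd_be, sssd_nss, sssd_pam and so on), so a search on comm "sssd" alone can come back empty even when denials exist. The sketch below filters raw audit records for any comm starting with "sssd" or any sssd_t source context; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list AVC denials for every SSSD process, not only comm="sssd".
# Real use (as root): ausearch -m avc --raw -ts today | sssd_avc_denials

# Constructed sample records; the paths, PIDs and contexts are invented.
sample_audit_records() {
    cat <<'EOF'
type=AVC msg=audit(1522750001.101:501): avc:  denied  { read open } for  pid=2101 comm="sssd_be" path="/tmp/example.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1522750002.102:502): avc:  denied  { write } for  pid=2102 comm="sssd_nss" name="example" dev="dm-0" ino=1002 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1522750003.103:503): avc:  denied  { getattr } for  pid=2103 comm="httpd" path="/tmp/example.html" dev="dm-0" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1522750004.104:504): avc:  granted  { read } for  pid=2100 comm="sssd" name="example.db" dev="dm-0" ino=1004 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=file
EOF
}

# Reads raw audit records on stdin; prints one line per denial whose comm
# starts with "sssd" or whose source context type is sssd_t.
sssd_avc_denials() {
    awk '
    /^type=AVC / && / denied / {
        comm = ""; sctx = ""; tctx = ""; tclass = ""; perms = ""
        # Permissions are the words between the braces: "{ read open }"
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { sctx = substr($i, 10) }
            if ($i ~ /^tcontext=/) { tctx = substr($i, 10) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        split(sctx, s, ":")
        if (comm ~ /^sssd/ || s[3] == "sssd_t")
            printf "%s denied=%s tclass=%s tcontext=%s\n", comm, perms, tclass, tctx
    }'
}
```

An empty result from this filter still does not rule SELinux out, since dontaudit rules suppress some denials from the audit log entirely.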