getent passwd returns results as I suspect.

# getent passwd wasadmin
wasadmin:*:1209:1209:WebSphere admin:/home/wasadmin:/bin/ksh


Thanks for the suggestion on strace.. I think that helped me find the source of the problem.  I'm guessing that the issue is that there is no 32 bit libnss support?

# file httpd
httpd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), not stripped

munmap(0xf7e52000, 4096)                = 0
open("/opt/ihs/70/lib/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/ihs/70/gsk7/lib/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=56578, ...}) = 0
mmap2(NULL, 56578, PROT_READ, MAP_PRIVATE, 5, 0) = 0xfffffffff7e45000
close(5)                                = 0
open("/lib/tls/i686/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686/sse2", 0xffacc128) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686", 0xffacc128)     = -1 ENOENT (No such file or directory)
open("/lib/tls/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/sse2", 0xffacc128)     = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", 0xffacc128)          = -1 ENOENT (No such file or directory)
open("/lib/i686/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686/sse2", 0xffacc128)    = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/lib/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/sse2", 0xffacc128)         = -1 ENOENT (No such file or directory)
open("/lib/libnss_sss.so.2", O_RDONLY)  = -1 ENOENT (No such file or directory)
stat64("/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib/tls/i686/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/i686/sse2", 0xffacc128) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/i686/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/i686", 0xffacc128) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/sse2", 0xffacc128) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls", 0xffacc128)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686/sse2", 0xffacc128) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/i686", 0xffacc128)     = -1 ENOENT (No such file or directory)
open("/usr/lib/sse2/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/sse2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib/libnss_sss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=36864, ...}) = 0
munmap(0xf7e45000, 56578)               = 0
write(2, "httpd: bad user name wasadmin\n", 30httpd: bad user name wasadmin
) = 30
exit_group(1)                           = ?




/* -----------------------------
Will Darton

I.T. Operations
Information Services
Navy Federal Credit Union
wk 703.255.8639
cell: 703.232.2344
will_darton@navyfederal.org

*/



From:        Jakub Hrozek <jhrozek@redhat.com>
To:        <sssd-users@lists.fedorahosted.org>,
Date:        05/23/2013 11:31 AM
Subject:        Re: [SSSD-users] IBM IHS Apache and SSSD
Sent by:        <sssd-users-bounces@lists.fedorahosted.org>




On Thu, May 23, 2013 at 10:32:21AM -0400, Will_Darton@navyfederal.org wrote:
>    Does anyone have any experience with using IBM IHS Apache and sssd
>    together?  
>    I've got some RHEL6.4 servers that need to use IBM IHS for apache.
>
>    The 'User <user>' in the httpd.conf file is set to a userid that is
>    present in LDAP ( via sssd) and can be su - <userid> without any issue,
>    but httpd will not start, and kicks back
>
>    httpd: <user> is not a valid user.
>
>    I would think Apache would use nss to get this information, but I can't
>    find any errors in the sssd_nss logs to indicate a problem.
>
>    Thoughts?

Does getent passwd <user> also work fine?

Did you see the user being requested in the NSS logs at all? Please note
that in 6.4 some requests might be served from the memory cache and not
make its way to the nss responder at all. Running sss_cache -UG should
clear the cache for you.

Then I would suggest checking if apache requests the user with standard
interface or whether it just reads /etc/password. Maybe something like:

# strace httpd -DNO_DETACH -DFOREGROUND -k start 2>&1 | grep sss

btw I just ran a 5-minute test here and was able to start Apache
(httpd-2.4.4-2.fc18.x86_64) that used user and group from IPA just fine.
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users