Thanks for the response. I was on #sssd and someone said that duplicate usernames like we
have is a no go, so I was planning on just removing local accounts and deal with the
fallout. However, I'm
happy to look for a different fix.
Geoff.
- We are using the implicit files provider
- The sssd.conf file is
[domain/place.edu]id_provider = adaccess_provider = ad
ldap_idmap_range_min = 200000ldap_idmap_range_max = 2000200000ldap_idmap_range_size =
800000ldap_pwd_policy = none
sudo_provider = none
debug_level = 8
[sssd]services = nss, pamconfig_file_version = 2domains =
place.edu
[nss]override_shell=/bin/bashoverride_homedir=/home/%ufilter_users =
<stuff>filter_groups = <stuff>
[pam]
- The domain log file is. (There is a failed login attempt in this range of entries, but
it doesn't show up anywhere.)
(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler] (0x1000): Waiting for
child [19947].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [child_sig_handler]
(0x0020): child [19947]
failed with status [2].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512](Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]]
[be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158239]: Dynamic DNS
update failed(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200):
Entering.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326eac70.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]]
[sbus_init_connection] (0x0400): Adding connection 0x55a3326eac70(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d8260/0x55a3326ede90 (19),
-/W (disabled)(Wed Jan
24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a
connection(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100):
Set-up Backend ID
timeout [0x55a3326e7070](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus
connection(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Entering.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Adding
connection
0x55a3326e8800.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_init_connection]
(0x0400): Adding connection 0x55a3326e8800(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_add_watch]
(0x2000): 0x55a3326d8de0/0x55a3326d9630 (20), -/W (disabled)(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a connection(Wed Jan
24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_client_init] (0x0100): Set-up Backend ID timeout
[0x55a3326f3510](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path /org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_conn_register_path] (0x0400):
Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Properties
with path /org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Backend with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]]
[dp_client_register] (0x0100): Cancel DP ID timeout [0x55a3326f3510](Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [PAM](Wed
Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request
[Subdomains #0]: New request.
Flags [0000].(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400):
Number of active DP request: 1(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[ad_subdomains_handler_send]
(0x0400): Subdomains were recently refreshed, nothing to do(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #0]: Request handler
finished [0]:
Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP
Request [Subdomains #0]: Receiving request data.(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]]
[dp_req_reply_list_success] (0x0400): DP Request [Subdomains #0]: Finished. Success.(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request
[Subdomains #0]: Returning
[Success]: 0,0,Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): DP Request [Subdomains #0]: Request removed.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): Number of active DP
request: 0(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register]
(0x0100): Cancel DP ID timeout
[0x55a3326e7070](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_client_register]
(0x0100): Added Frontend client [NSS](Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_attach_req] (0x0400): DP Request [Subdomains #1]: New request. Flags [0000].(Wed Jan
24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains
were recently
refreshed, nothing to do(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_done]
(0x0400): DP Request [Subdomains #0]: Request handler finished [0]: Success(Wed Jan 24
08:53:43 2018)
[sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #0]: Receiving
request data.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success]
(0x0400): DP Request
[Subdomains #0]: Finished. Success.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_reply_std] (0x1000): DP Request [Subdomains #0]: Returning [Success]:
0,0,Success(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing
[8:8:0000:<ALL>] from reply table(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): DP Request
[Subdomains #0]: Request removed.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID timeout
[0x55a3326e7070](Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Added Frontend client [NSS](Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS
method
org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message,
quit(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_attach_req] (0x0400): DP Request
[Subdomains #1]: New request. Flags [0000].(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_attach_req]
(0x0400): Number of active DP request: 1(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[ad_subdomains_handler_send] (0x0400): Subdomains were recently refreshed, nothing to
do(Wed Jan 24 08:53:43
2018) [sssd[be[place.edu]]] [dp_req_done] (0x0400): DP Request [Subdomains #1]: Request
handler finished [0]: Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[_dp_req_recv] (0x0400): DP
Request [Subdomains #1]: Receiving request data.(Wed Jan 24 08:53:43 2018)
[sssd[be[place.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Subdomains #1]:
Finished. Success.(Wed Jan 24
08:53:43 2018) [sssd[be[place.edu]]] [dp_req_reply_std] (0x1000): DP Request [Subdomains
#1]: Returning [Success]: 0,0,Success(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]]
[dp_table_value_destructor] (0x0400): Removing [8:8:0000:<ALL>] from reply table(Wed
Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400): DP Request
[Subdomains #1]: Request
removed.(Wed Jan 24 08:53:43 2018) [sssd[be[place.edu]]] [dp_req_destructor] (0x0400):
Number of active DP request: 0(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection]
(0x0200): Entering.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_server_init_new_connection] (0x0200): Adding connection 0x55a3326fa950.(Wed Jan 24
08:53:44 2018) [sssd[be[place.edu]]]
[sbus_init_connection] (0x0400): Adding connection 0x55a3326fa950(Wed Jan 24 08:53:44
2018) [sssd[be[place.edu]]] [sbus_add_watch] (0x2000): 0x55a3326d00c0/0x55a3326fa5b0 (21),
-/W (disabled)(Wed Jan
24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_server_init_new_connection] (0x0200): Got a
connection(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_init] (0x0100):
Set-up Backend ID
timeout [0x55a3326e7070](Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Client with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus
connection(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24
08:53:44 2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering
interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44
2018) [sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Backend with path /org/freedesktop/sssd/dataprovider(Wed
Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.DataProvider.Failover with path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.DataProvider.Client.Register on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Wed
Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register] (0x0100): Cancel DP ID
timeout
[0x55a3326e7070](Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_client_register]
(0x0100): Added Frontend client [SUDO](Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_attach_req] (0x0400): DP Request [Subdomains #2]: New request. Flags [0000].(Wed Jan
24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 1(Wed Jan 24
08:53:44 2018) [sssd[be[place.edu]]] [ad_subdomains_handler_send] (0x0400): Subdomains
were recently
refreshed, nothing to do(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_done]
(0x0400): DP Request [Subdomains #2]: Request handler finished [0]: Success(Wed Jan 24
08:53:44 2018)
[sssd[be[place.edu]]] [_dp_req_recv] (0x0400): DP Request [Subdomains #2]: Receiving
request data.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]] [dp_req_reply_list_success]
(0x0400): DP Request
[Subdomains #2]: Finished. Success.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_req_reply_std] (0x1000): DP Request [Subdomains #2]: Returning [Success]:
0,0,Success(Wed Jan 24 08:53:44 2018)
[sssd[be[place.edu]]] [dp_table_value_destructor] (0x0400): Removing
[8:8:0000:<ALL>] from reply table(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): DP Request
[Subdomains #2]: Request removed.(Wed Jan 24 08:53:44 2018) [sssd[be[place.edu]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
On Wed, 2018-01-24 at 14:37 +0100, Jakub Hrozek wrote:
On Tue, Jan 23, 2018 at 07:44:04PM -0500, goehle(a)gmail.com wrote:
> Hi,
>
> The troubleshooting guide in the docs said to email the list if the System
> Error (4) shows up, so I figured I bring this issue up. I'm running sssd
> version 1.16.0 on Debian testing and recently encountered a new behavior.
> We set up sssd with active directory based authentication on an already
> established system. For various reasons there are still local passwd
> users, some of whom also have ad accounts. What used to happen is that the
> pam/nsswitch stack was set up so that those users would end up with their
> passwd id. If they had an ad account they could log in with either their
> shadow password or their ad password. Right after we upgraded from
> 1.16.0-1 to 1.16.0-2 any local user generated a System Error (4) in the
> logs and and local users with ad accounts could no longer use their ad
> passwords (although they could still use their local passwords). There
> isn't a lot of information in the logs.
Can you also paste your full configuration and the sssd domain log(s) ?
Does sssd on Debian use the implicit files provider (ps would show a
sssd_be process running with --name implicit_files)
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org