On (21/11/16 09:01), Longina Przybyszewska wrote:
Thank you for the response.
The problems with login started after upgrades - this is Ubuntu Xenial.
In the meantime I debugged PAM.
I will look now in domain log
I attach sssd.conf and the sequence for 'longina' login from sssd-pam.log
Could it be that the problem is generated by lightdm / PAM?
It seems that there is something wrong in the very last step of the login sequence.
cat common-session |grep -v ^#
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session optional pam_sss.so
session optional pam_mount.so
session optional pam_systemd.so
cat lightdm |grep -v ^#
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
auth optional pam_kwallet.so
auth optional pam_kwallet5.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
session optional pam_kwallet.so auto_start
session optional pam_kwallet5.so auto_start
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-password
Best,
Longina
> -----Original message-----
> From: Jakub Hrozek [mailto:jhrozek@redhat.com]
> Sent: 17 November 2016 09:25
> To: sssd-users(a)lists.fedorahosted.org
> Subject: [SSSD-users] Re: sssd-13.4 can't login
>
> On Wed, Nov 09, 2016 at 02:45:56PM +0000, Longina Przybyszewska wrote:
> > Hi again,
> > I still hang on that problem.
> > Client and server are configured in AD trust realm environment.
> > Client and server are joined to a.c.domain;
> > User is from n.c.domain.
> >
> > During login sequence NFS-share (sec=krb5) homedir is mounted with
> right nfsidmapping .
> > User can't login because of access denied to the homedir.
> >
> > If I change mount parameter to sec=sys, user can successfully login.
> >
> > Machine's and user's credentials *are* valid ;
> >
> > ==
> > Ticket cache: FILE:/tmp/krb5cc_332405654_B4r6Sy
> > Default principal: longina(a)N.C.DOMAIN
> >
> > Valid starting Expires Service principal
> > 11/09/2016 15:00:43 11/10/2016 01:00:43
> krbtgt/N.C.DOMAIN(a)N.C.DOMAIN
> > renew until 11/10/2016 01:00:43
> > 11/09/2016 15:00:45 11/10/2016 01:00:43 krbtgt/C.SDU.DK(a)N.C.DOMAIN
> > renew until 11/10/2016 01:00:43
> > 11/09/2016 15:00:45 11/10/2016 01:00:43 nfs/adm-lptest.a.c.domain@
> > renew until 11/10/2016 01:00:43
> > 11/09/2016 15:00:45 11/10/2016 01:00:43 nfs/adm-
> lptest.a.c.domain(a)A.C.DOMAIN
> > renew until 11/10/2016 01:00:43
> > ==
> > Kerberos sequence for login ends with (krb5_child.log) :
> >
> > ==[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match
> failed: [-1765328243][Can't find client principal longina(a)N.C.DOMAIN in
> cache collection]=
>
> You can ignore this, since you are using the FILE: ccache which
> doesn't support collections, this error is harmless.
>
> It looks like the krb5_child itself finished fine, according to:
> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [k5c_send_data]
> (0x0200): Received error code 0
> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]]
> [pack_response_packet] (0x2000): response packet size: [142]
> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [k5c_send_data]
> (0x4000): Response sent.
> > (Wed Nov 9 15:00:44 2016) [[sssd[krb5_child[1563]]]] [main] (0x0400):
> krb5_child completed successfully
>
> So I would suggest to look into the domain logs as well. Chances are
> some other part (maybe the access control later?) is failing.
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100):
entering pam_cmd_acct_mgmt
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name
'longina(a)n.c.domain' matched expression for domain 'n.c.domain', user is
longina
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_ACCT_MGMT
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative
cache for [NCE/USER/n.c.domain/longina]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User
[longina(a)n.c.domain] not found in PAM cache.
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request
for [n.c.domain][0x3][BE_REQ_INITGROUPS][1][name=longina]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcbd80
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcbd80
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data
Provider - DP error code: 0 errno: 0 error message: Success
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info
for [longina(a)n.c.domain]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1fd4570
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1fd4630
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd4570
"ltdb_callback"
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd4630
"ltdb_timeout"
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd4570
"ltdb_callback"
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info
for user [longina(a)n.c.domain]
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary
name is longina(a)n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[longina(a)n.c.domain] added to PAM initgroup cache
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with
the following data:
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_ACCT_MGMT
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): user:
longina(a)n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd6d0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 0
(Thu Nov 17 11:30:05 2016) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request:
[0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd6d0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0
(Success)][n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[0]: Success.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering
pam_cmd_open_session
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name
'longina(a)n.c.domain' matched expression for domain 'n.c.domain', user is
longina
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative
cache for [NCE/USER/n.c.domain/longina]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User
[longina(a)n.c.domain] found in PAM cache.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info
for [longina(a)n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1fd07d0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1fd0890
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd07d0
"ltdb_callback"
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd0890
"ltdb_timeout"
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd07d0
"ltdb_callback"
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info
for user [longina(a)n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary
name is longina(a)n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with
the following data:
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): user:
longina(a)n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd640
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd640
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0
(Success)][n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[0]: Success.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:10 2016) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
[longina(a)n.c.domain] removed from PAM initgroup cache
(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Nov 17 11:30:12 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit
(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Nov 17 11:30:22 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit
(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Nov 17 11:30:32 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit
(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Nov 17 11:30:42 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit
(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcfa30
(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS
method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Nov 17 11:30:52 2016) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus
message, quit
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering
pam_cmd_close_session
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name
'longina(a)n.c.domain' matched expression for domain 'n.c.domain', user is
longina
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative
cache for [NCE/USER/n.c.domain/longina]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User
[longina(a)n.c.domain] not found in PAM cache.
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request
for [n.c.domain][0x3][BE_REQ_INITGROUPS][1][name=longina]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcd6d0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcd6d0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data
Provider - DP error code: 0 errno: 0 error message: Success
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info
for [longina(a)n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1fd07d0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1fd0890
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Running timer event 0x1fd07d0
"ltdb_callback"
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x1fd0890
"ltdb_timeout"
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x1fd07d0
"ltdb_callback"
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info
for user [longina(a)n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary
name is longina(a)n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[longina(a)n.c.domain] added to PAM initgroup cache
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with
the following data:
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): user:
longina(a)n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/19
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: root
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name:
longina(a)n.c.domain
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x1fcbd80
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req
returned 0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request:
[0x410090:3:longina@n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x1fcbd80
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x1fcc1e0
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0
(Success)][n.c.domain]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[0]: Success.
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
(Thu Nov 17 11:30:53 2016) [sssd[pam]] [client_destructor] (0x2000): Terminated client
[0x1fd3fc0][19]
(Thu Nov 17 11:30:58 2016) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
[longina(a)n.c.domain] removed from PAM initgroup cache
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0]
egid[0] pid[1717].
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to
privileged pipe!
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client
version [3].
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version
[3].
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering
pam_cmd_close_session
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name
'alongina' matched without domain, user is alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): user: alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1717
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[10]: User not known to the underlying authentication module.
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 8
Is it a typo? Because the user "alongina" was not recognized as an sssd user.
Therefore there is a PAM error "User not known to the underlying authentication
module".
A different user was used in the previous PAM actions: "longina(a)n.c.domain".
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000):
Idle timer re-set for client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [client_destructor] (0x2000): Terminated client
[0x1fd3fc0][19]
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0]
egid[0] pid[6669].
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to
privileged pipe!
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client
version [3].
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version
[3].
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for
client [0x1fd3fc0][19]
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering
pam_cmd_open_session
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name
'lightdm' matched without domain, user is lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): user: lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): service:
lightdm-greeter
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6669
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): logon name: lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[10]: User not known to the underlying authentication module.
I think it is expected; user lightdm is not handled by sssd.
So I am not sure whether it could cause a problem.
The only problem could be caused by gpo and that service "lightdm-greeter"
is not allowed by default.
LS
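
The triage done by hand in this reply (finding which PAM requests ended in result [10]), as an added example that is not part of the original thread or of SSSD itself: a Python script that re-joins mail-wrapped sssd-pam.log records and pairs each pam_reply result with the preceding pam_print_data block. The sample log is constructed from lines quoted above, and the script assumes each reply directly follows its own data block.

```python
import re

# Constructed sample modelled on the sssd-pam.log lines quoted in the thread;
# several records are wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): user: longina@n.c.domain
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): service: su
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6611
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0
(Success)][n.c.domain]
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[0]: Success.
(Thu Nov 17 11:30:06 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 29
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): user: alongina
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): tty: :0
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1717
(Thu Nov 17 11:30:59 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[10]: User not known to the underlying authentication module.
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): user: lightdm
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): service:
lightdm-greeter
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 6669
(Thu Nov 17 11:31:00 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result
[10]: User not known to the underlying authentication module.
"""

# A real record starts with "(Day Mon DD HH:MM:SS YYYY) "; anything else is a
# continuation of the previous record (note "(Success)]..." also starts with "(").
RECORD_START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) ")
LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[pam\]\] \[(?P<func>\w+)\] "
                  r"\(0x[0-9a-f]+\): (?P<msg>.*)$")
REPLY = re.compile(r"pam_reply called with result \[(\d+)\]: (.*)")


def unwrap(text):
    """Re-join records that were split across lines by e-mail wrapping."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def pam_results(text):
    """Return one dict per pam_reply, tagged with the request data printed before it."""
    results, current = [], {}
    for record in unwrap(text):
        m = LINE.match(record)
        if not m:
            continue
        if m["func"] == "pam_print_data":
            key, _, value = m["msg"].partition(": ")
            if key == "command":      # "command" opens a new pam_print_data block
                current = {}
            current[key] = value
        elif m["func"] == "pam_reply":
            reply = REPLY.search(m["msg"])
            if reply:                 # skips the "blen: N" pam_reply lines
                results.append({
                    "time": m["ts"],
                    "command": current.get("command"),
                    "user": current.get("user"),
                    "service": current.get("service"),
                    "cli_pid": current.get("cli_pid"),
                    "code": int(reply[1]),   # 10 is PAM_USER_UNKNOWN in Linux-PAM
                    "text": reply[2],
                })
    return results


def failures(text):
    """PAM requests that did not end in result [0]."""
    return [r for r in pam_results(text) if r["code"] != 0]


if __name__ == "__main__":
    for r in failures(SAMPLE_LOG):
        print(f'{r["time"]}  {r["command"]}  user={r["user"]}  '
              f'service={r["service"]}  pid={r["cli_pid"]}  [{r["code"]}] {r["text"]}')
```
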