On 8 Oct 2018, at 15:29, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7 Thanks, Ondrej ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...

On 8 Oct 2018, at 15:29, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7 Thanks, Ondrej ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org

On 9 Oct 2018, at 10:27, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i -----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon <sssd-users(a)lists.fedorahosted.org&gt; Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] Hi, As root, i.e. "systemctl start sssd" Ondrej -----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon <sssd-users(a)lists.fedorahosted.org&gt; Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] Do you run sssd as root or the unprivileged sssd user? > On 8 Oct 2018, at 15:29, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: > > Hi List, > Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). > Log says: > (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable > to request name on the system bus: [Connection ":1.33273" is not > allowed to own the service "org.freedesktop.sssd.infopipe" due to > security policies in the configuration file] (Mon Oct 8 14:18:08 > 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: > Connection ":1.33273" is not allowed to own the service > "org.freedesktop.sssd.infopipe" due to security policies in the > configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] > [ifp_process_init] (0x0020): Failed to connect to the system message > bus > > This is Centos-7, all updates applied, i.e. dbus-1.10.24, > sssd-1.16.0-19.el7 > > Thanks, > Ondrej > ----- > > The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: > communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To > unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorah > o > sted.org _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org

Ok I know what is going on. Sssd-dbus package is necessary accessory for the InfoPipe. So if you need InfoPipe, you need to install sssd-dbus (not installed by default). Fine, but nobody told me that once you install this package, you are also expected to restart dbus service. I guess this needs a bit polishing...

Ondrej -----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:56 AM To: End-user discussions about the System Security Services Daemon <sssd-users(a)lists.fedorahosted.org&gt; Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] The same error I receive when I try to start the ifp service manually: # /usr/libexec/sssd/sssd_ifp --uid 0 --gid 0 --dbus-activated --logger=stderr ... (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added allowed attr sn to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr name to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr uidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gecos to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr homeDirectory to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr loginShell to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr groups to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domain to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domainname to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down -----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:29 AM To: End-user discussions about the System Security Services Daemon <sssd-users(a)lists.fedorahosted.org&gt; Cc: Pavel Březina <pbrezina(a)redhat.com&gt; Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] Interesting..Pavel, do you have some idea? > On 9 Oct 2018, at 10:27, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: > > Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. > # /usr/sbin/sssd -i > > -----Original Message----- > From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] > Sent: Tuesday, October 09, 2018 10:25 AM > To: End-user discussions about the System Security Services Daemon > <sssd-users(a)lists.fedorahosted.org&gt; > Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] > > Hi, > As root, i.e. "systemctl start sssd" > Ondrej > > -----Original Message----- > From: Jakub Hrozek [mailto:jhrozek@redhat.com] > Sent: Tuesday, October 09, 2018 10:24 AM > To: End-user discussions about the System Security Services Daemon > <sssd-users(a)lists.fedorahosted.org&gt; > Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp] > > Do you run sssd as root or the unprivileged sssd user? > >> On 8 Oct 2018, at 15:29, Ondrej Valousek <Ondrej.Valousek(a)s3group.com&gt; wrote: >> >> Hi List, >> Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). >> Log says: >> (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable >> to request name on the system bus: [Connection ":1.33273" is not >> allowed to own the service "org.freedesktop.sssd.infopipe" due to >> security policies in the configuration file] (Mon Oct 8 14:18:08 >> 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: >> Connection ":1.33273" is not allowed to own the service >> "org.freedesktop.sssd.infopipe" due to security policies in the >> configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] >> [ifp_process_init] (0x0020): Failed to connect to the system message >> bus >> >> This is Centos-7, all updates applied, i.e. dbus-1.10.24, >> sssd-1.16.0-19.el7 >> >> Thanks, >> Ondrej >> ----- >> >> The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: >> communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. >> _______________________________________________ >> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To >> unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorah >> o >> sted.org > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To > unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho > sted.org > > ----- > > The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To > unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho > sted.org > > ----- > > The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To > unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho > sted.org _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...