Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add "ifp" to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
Interesting..Pavel, do you have some idea?
On 9 Oct 2018, at 10:27, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
The same error I receive when I try to start the ifp service manually: # /usr/libexec/sssd/sssd_ifp --uid 0 --gid 0 --dbus-activated --logger=stderr ... (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added allowed attr sn to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr name to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr uidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gecos to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr homeDirectory to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr loginShell to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr groups to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domain to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domainname to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:29 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Cc: Pavel Březina pbrezina@redhat.com Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Interesting..Pavel, do you have some idea?
On 9 Oct 2018, at 10:27, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorah o sted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
Ok I know what is going on. Sssd-dbus package is necessary accessory for the InfoPipe. So if you need InfoPipe, you need to install sssd-dbus (not installed by default). Fine, but nobody told me that once you install this package, you are also expected to restart dbus service. I guess this needs a bit polishing...
Ondrej
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:56 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
The same error I receive when I try to start the ifp service manually: # /usr/libexec/sssd/sssd_ifp --uid 0 --gid 0 --dbus-activated --logger=stderr ... (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added allowed attr sn to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr name to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr uidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gecos to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr homeDirectory to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr loginShell to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr groups to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domain to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domainname to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:29 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Cc: Pavel Březina pbrezina@redhat.com Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Interesting..Pavel, do you have some idea?
On 9 Oct 2018, at 10:27, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorah o sted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
-----
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.
On 10/9/18 11:06 AM, Ondrej Valousek wrote:
Ok I know what is going on. Sssd-dbus package is necessary accessory for the InfoPipe. So if you need InfoPipe, you need to install sssd-dbus (not installed by default). Fine, but nobody told me that once you install this package, you are also expected to restart dbus service. I guess this needs a bit polishing...
It installs a dbus policy configuration file that is required by dbus. D-Bus should be watching the directory for changes though. Please, file an sssd ticket for this and we will investigate further.
I think this is a nice task for Tomas (CC)
Ondrej
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:56 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
The same error I receive when I try to start the ifp service manually: # /usr/libexec/sssd/sssd_ifp --uid 0 --gid 0 --dbus-activated --logger=stderr ... (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added allowed attr sn to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr name to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr uidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gidNumber to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr gecos to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr homeDirectory to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr loginShell to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr groups to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domain to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [parse_attr_list_ex] (0x2000): Added default attr domainname to whitelist (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33561" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus (Tue Oct 9 09:53:40 2018) [sssd[ifp]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:29 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Cc: Pavel Březina pbrezina@redhat.com Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Interesting..Pavel, do you have some idea?
On 9 Oct 2018, at 10:27, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Ok, obviously this error message does not appear when using SystemD, therefore I try to start it as root interactively, i.e. # /usr/sbin/sssd -i
-----Original Message----- From: Ondrej Valousek [mailto:Ondrej.Valousek@s3group.com] Sent: Tuesday, October 09, 2018 10:25 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Hi, As root, i.e. "systemctl start sssd" Ondrej
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Tuesday, October 09, 2018 10:24 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: sssd fails to start when I enable [ifp]
Do you run sssd as root or the unprivileged sssd user?
On 8 Oct 2018, at 15:29, Ondrej Valousek Ondrej.Valousek@s3group.com wrote:
Hi List, Seems like sssd fails to start when I enable infopipe (i.e. add “ifp” to the services list). Log says: (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0020): Unable to request name on the system bus: [Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file] (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [sysbus_init] (0x0040): DBus error message: Connection ":1.33273" is not allowed to own the service "org.freedesktop.sssd.infopipe" due to security policies in the configuration file (Mon Oct 8 14:18:08 2018) [sssd[ifp]] [ifp_process_init] (0x0020): Failed to connect to the system message bus
This is Centos-7, all updates applied, i.e. dbus-1.10.24, sssd-1.16.0-19.el7
Thanks, Ondrej
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorah o sted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedoraho sted.org
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
Ondrej Valousek -
Pavel Březina