On Thu, Jun 15, 2017 at 04:28:13AM -0000, john.bowman--- via FreeIPA-users wrote: > After upping the log levels on sssd on one of the failing servers I saw this > in one of the sssd log files: > > from sssd_pamd.log: > > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): > Checking negative cache for [NCE/USER/domain.tld/jbowman] > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): > Issuing request for [0x41b5c0:3:jbow...@domain.tld] > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): > Creating request for [domain.tld][3][1][name=jbowman] > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x20ef8a0 > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): > Entering request [0x41b5c0:3:jbow...@domain.tld] > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): > 0x20ef8a0 > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply > from Data Provider - DP error code: 3 errno: 22 error message: Init Groups > Failed > (Wed Jun 14 23:16:05 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): > Unable to get information from Data Provider > Error: 3, 22, Init Groups Failed > > > from sssd_domain.tld.log > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [hbac_eval_user_element] > (0x0080): Parse error on [cn=system: manage service > principals+nsuniqueid=e8d2f834-512111e7-9205b5bf-43202000,cn=permissions,cn=pbac,dc=domain,dc=tld]
Yes, only recent vresions of sssd can skip over the replication conflicts. I would recommend to clear the conflicts manually. > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [hbac_ctx_to_rules] > (0x0020): Could not construct eval request > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [ipa_hbac_evaluate_rules] > (0x0020): Could not construct HBAC rules > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_id_op_destroy] > (0x4000): releasing operation connection > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [be_pam_handler_callback] > (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [be_pam_handler_callback] > (0x0100): Sending result [4][domain.tld] > (Wed Jun 14 22:55:37 2017) [sssd[be[domainn.tld]]] [be_pam_handler_callback] > (0x0100): Sent result [4][domain.tld] > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_process_result] > (0x2000): Trace: sh[0x7ea6b0], connected[1], ops[(nil)], ldap[0x844de0] > (Wed Jun 14 22:55:37 2017) [sssd[be[domain.tld]]] [sdap_process_result] > (0x2000): Trace: ldap_result found nothing! > (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_dispatch] (0x4000): > dbus conn: 7B2A00 > (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_dispatch] (0x4000): > Dispatching. > (Wed Jun 14 22:55:38 2017) [sssd[be[domain.tld]]] [sbus_message_handler] > (0x4000): Received SBUS method [ping] > > I saw a similar issue in a previous posting to the list: > https://www.redhat.com/archives/freeipa-users/2017-January/msg00286.html > > I was wondering if these errors might be related to the issues I'm seeing > currently since they seem very similar so far... > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
