On Fri, Feb 21, 2020 at 12:32:54PM -0000, Sunil Phogat via FreeIPA-users wrote: > > On Thu, Feb 20, 2020 at 08:59:01AM -0000, Sunil via FreeIPA-users wrote: > > > > Hi, > > > > please check > > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how > > to enable debugging in SSSD. There are also common issues described. > > > > Since there is a 'permission denied' error, I wonder if you already had > > some HBAC rules enabled and disabled the 'allow_all' rule? > > > > bye, > > Sumit > > Thx Sumit for views > > HBAC rules enabled : allow_all > > This is the sssd logs I get : > > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [dp_pam_handler] (0x0100): > Got request with the following data > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > command: SSS_PAM_CHAUTHTOK
Hi, this is a request trying to change the password, this is typically not related to authentication. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > domain: sunil.lan > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > user: sku...@sunil.lan > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > service: sshd > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > tty: ssh > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > ruser: > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > rhost: 127.0.0.1 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > authtok type: 1 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > newauthtok type: 1 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > priv: 1 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > cli_pid: 21631 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): > logon name: not set > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] > (0x0100): Trying to resolve service 'IPA' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] > (0x0200): Found address for server ipa.sunil.lan: [10.0.9.229] TTL 7200 > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] > (0x0100): Marking port 0 of server 'ipa.sunil.lan' as 'not working' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] > (0x0100): Trying to resolve service 'IPA' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): > SSSD is unable to complete the full connection request, this internal status > does not necessarily indicate network port issues. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): > SSSD is unable to complete the full connection request, this internal status > does not necessarily indicate network port issues. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0100): > Resetting the status of port 0 for server '(no name)' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_send] (0x0200): > The status of SRV lookup is neutral > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_getsrv_send] > (0x0100): Trying to resolve SRV record of '_ldap._tcp.sunil.lan' Looks like DNS is not configured properly, are you using the DNS server integrated in FreeIPA or an external one? bye, Sumit > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [child_sig_handler] > (0x0100): child [21639] finished successfully. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_discover_srv_done] > (0x0040): SRV query failed [4]: Domain name not found > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] > (0x0100): Marking port 0 of server '(no name)' as 'not working' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_done] (0x0040): > Unable to resolve SRV [1432158236]: SRV record not found > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [set_srv_data_status] > (0x0100): Marking SRV lookup of service 'IPA' as 'not resolved' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] > (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned > [1432158236]: SRV record not found > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] > (0x0100): Trying to resolve service 'IPA' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): > SSSD is unable to complete the full connection request, this internal status > does not necessarily indicate network port issues. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): > SSSD is unable to complete the full connection request, this internal status > does not necessarily indicate network port issues. > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] > (0x0020): No available servers for service 'IPA' > (Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_run_offline_cb] > (0x0080): Going offline. Running callbacks. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
