> > is it expected or a misconfiguration on my test environment?
> I think it's expected, it just looks like some application (you can see
> its details referred to in the nss logs as 'client') is calling both
> getgrgid and getpwnam.
OK, I searched which application is requesting groups with gid

On Thu, May 18, 2017 at 11:40:18AM -0400, Striker Leggette wrote:
> I can understand the first unlock from waking up from sleep. For the
> second, bump your debug_level in sssd.conf up to 7 and then check to see if
> you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the
> secon

I can understand the first unlock from waking up from sleep. For the
second, bump your debug_level in sssd.conf up to 7 and then check to see
if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for
the second login attempt from the lock screen. You should be able to
see if it

Sequence:
log in to MATE or Plasma
suspend to ram
wait until krbtgt expires
wakeup computer
unlock screen
klist will show the old expired ticket.
lock/unlock screen again (well after networking is up)
klist still shows the old ticket.
No SSO/NFS possible until manually doing a kinit to get a fre

Turns out, it was one of our own system hardening steps which has caused SSSD
Sudo to break.
Under /etc/pam.d/system-auth, once I commented the lines below, sudo started
working again. These lines were added to enable account lockout from multiple
attempts. Can we still have these along with p

On Mon, May 15, 2017 at 01:15:33PM +0200, Sébastien QUESSON wrote:
> Hi, on sssd 1.13.4-1ubuntu1.5:
> looking at sssd_domain.tls.log with debug level 9, I can see many wrong group
> requests.
>
> After flushing sssd cache and restarting:
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_

What format are your groups listed in /etc/sudoers? Use this example:
[striker-ad@el7client01 ~]$ id
uid=1672401105(striker-ad) gid=1672400513(domain users)
groups=1672400513(domain users)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[striker-ad@el7client01 ~]$ sudo tail -n