On 14/11/2013 4:41 AM, [email protected] wrote:
Date: Thu, 14 Nov 2013 10:41:45 +0100
From: Jakub Hrozek <[email protected]>
To: [email protected]
Subject: Re: [SSSD] auth.log error message: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

On Wed, Nov 13, 2013 at 04:19:03PM -0500, Qing Chang wrote:
>There was a thread on Aug 8, 2013 that was about this error, my situation is
>a little different. This happens on Ubuntu 12.04 IPA clients, which automount
>kerberized NFSv4.
>
>I am led to believe that this error may be the cause of a weird problem that
>users are able to log in either per ssh or lightdm.
>
>Open an ssh session, type in username and password, successful authentication
>is logged in auth.log, but the session just hangs at the login prompt.
>=====
>Nov 13 09:52:33 murjo sshd[2746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fish user=qchang
>Nov 13 09:52:34 murjo sshd[2746]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=fish user=qchang
>Nov 13 09:52:34 murjo sshd[2746]: Accepted password for qchang from port 33621 ssh2
>Nov 13 09:52:34 murjo sshd[2746]: pam_unix(sshd:session): session opened for user qchang by (uid=0)
>Nov 13 09:53:04 murjo sssd_be: canonuserfunc error -7
>Nov 13 09:53:04 murjo sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
>Nov 13 09:57:23 murjo sshd[902]: Received signal 15; terminating.
>Nov 13 09:57:23 murjo sshd[997]: Server listening on 0.0.0.0 port 22.
>Nov 13 09:57:23 murjo sshd[997]: Server listening on :: port 22.
>Nov 13 09:57:34 murjo lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0)
>Nov 13 09:57:34 murjo lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0
>Nov 13 09:57:35 murjo dbus[910]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.16" (uid=104 pid=1554 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.9" (uid=0 pid=1400 comm="/usr/sbin/console-kit-daemon --no-daemon ")
>Nov 13 09:57:43 murjo automount[1725]: canonuserfunc error -7
>Nov 13 09:57:43 murjo automount[1725]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
>Nov 13 09:57:44 murjo automount[1725]: DIGEST-MD5 common mech free
>Nov 13 09:57:44 murjo automount[1725]: canonuserfunc error -7

This looks like some kind of cyrus-sasl misconfiguration, not really
anything wrong in the SSSD.

This host is configured as IPA client with kerberized NFSv4, the configuration
process involves ipa-client-setup and some ker-NFS related changes, but nothing
is done directly regarding cyrus-sasl. How can I find out what has gone wrong?

===== sssd.conf =====
[domain/sri.utoronto.ca]
cache_credentials = True
krb5_store_password_if_offline = True
krb5_renewable_lifetime = 7d
krb5_renew_interval = 3600
ipa_domain = sri.utoronto.ca
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, ipa1.sri.utoronto.ca
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam
config_file_version = 2
domains = sri.utoronto.ca
[nss]
[pam]
[sudo]
[autofs]
[ssh]
=====
Thanks,
Qing
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
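
A triage sketch for the auth.log excerpt quoted in this thread, added here as an example and not code from the thread or from SSSD: it groups the SASL plugin-load failures by the process that logged them, which shows the error coming from every process that loads the SASL library (`sssd_be` and `automount`), not from SSSD alone. The function name `sasl_failures` and the sample constant are hypothetical; the result-code names are from cyrus-sasl's `sasl.h`.

```python
import re
from collections import defaultdict

# Constructed sample: unwrapped copies of log lines quoted in the message above.
SAMPLE_LOG = """\
Nov 13 09:52:34 murjo sshd[2746]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=fish user=qchang
Nov 13 09:53:04 murjo sssd_be: canonuserfunc error -7
Nov 13 09:53:04 murjo sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Nov 13 09:57:43 murjo automount[1725]: canonuserfunc error -7
Nov 13 09:57:43 murjo automount[1725]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Nov 13 09:57:44 murjo automount[1725]: DIGEST-MD5 common mech free
Nov 13 09:57:44 murjo automount[1725]: canonuserfunc error -7
"""

# Subset of the result codes defined in cyrus-sasl's sasl.h.
SASL_CODES = {-1: "SASL_FAIL", -2: "SASL_NOMEM", -4: "SASL_NOMECH", -7: "SASL_BADPARAM"}

# timestamp, host, process name, optional [pid], message
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
CANON = re.compile(r"canonuserfunc error (-?\d+)")
LOAD = re.compile(r"_sasl_plugin_load failed on (\w+) for plugin: (\S+)")


def sasl_failures(text):
    """Group SASL plugin-load failures by the process that logged them."""
    report = defaultdict(lambda: {"plugins": set(), "codes": set()})
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # wrapped fragment or non-syslog line
        proc, msg = m.group(3), m.group(5)
        if (c := CANON.search(msg)):
            code = int(c.group(1))
            report[proc]["codes"].add(SASL_CODES.get(code, str(code)))
        elif (p := LOAD.search(msg)):
            # store (plugin name, init function that failed)
            report[proc]["plugins"].add((p.group(2), p.group(1)))
    return dict(report)


if __name__ == "__main__":
    for proc, info in sorted(sasl_failures(SAMPLE_LOG).items()):
        print(proc, sorted(info["plugins"]), sorted(info["codes"]))
```
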