On Sat, Aug 19, 2017 at 5:01 AM, Lukas Slebodnik <lsleb...@redhat.com> wrote:
> On (19/08/17 10:57), Lukas Slebodnik wrote:
> >I think it would be better to start from scratch:
>
You did tell me that I was not hitting that RH bug. Sorry.

> >
> >Please answer to following question:
> >Is your local password the same as kerberos password?
>
Yes

> >And much simpler would be to test without gdm.
>
I switched tty, instead of logging on through gdm I logged on at the console with same result.

> >
> >Please open one console as *root* and run following command
> >  sh# journalctl -f > my_journal_output.log
> >
> >Open another console as *ordinary user* and run following commands just with your user:
> >
> >  sh$ date
> >  Sat Aug 19 10:41:36 CEST 2017
> >
> >  sh$ kdestroy -A
> >
> >  # use kerberos password for test_user
> >  sh$ su - test_user
> >  Password:
> >
> >  sh$ klist
> >  Ticket cache: FILE:/tmp/ccache_gjwisq
> >  Default principal: test_u...@example.com
> >
> >  Valid starting       Expires              Service principal
> >  08/19/2017 10:42:17  08/19/2017 20:42:17  krbtgt/example....@example.com
> >
> >  sh$ date
> >  Sat Aug 19 10:42:21 CEST 2017
> >
> >
> >
> >Then jump to the 1st terminal and stop command (ctrl-c).
> >+ run following command
> >  sh# ps aux | grep ss[s]
> >  root 29712 0.0 0.0 277304 9672 ? Ss Aug18 0:00 /usr/sbin/sssd -i -f
> >  root 29715 0.0 0.0 296268 13240 ? S Aug18 0:00 /usr/libexec/sssd/sssd_be --domain files.example --uid 0 --gid 0 --debug-to-files
> >  root 29717 0.0 0.2 282388 33156 ? S Aug18 0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
> >  root 29718 0.0 0.0 262040 8624 ? S Aug18 0:00 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
> >
> >
> >And then attach sssd.conf, my_journal_output.log and sssd log files.
> >
>
> BTW here is the most important part of my_journal_output.log
> on my system.
>
> Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user
> Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user
>
I do not see this in my log. I still believe sssd is not getting my login info. It's going straight to pam and local user.

Jakub made it look oh so easy. https://www.youtube.com/watch?v=qEsBVckPpk4

Thank you for helping me these weeks. This should not be that hard.

LS

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>

#cat /etc/sssd/sssd.conf
[sssd]
domains = files
services = nss, pam

[pam]
debug_level = 9

[domain/files]
id_provider = files
auth_provider = krb5
debug_level = 9
krb5_server = panther.montclaire.local
krb5_realm = MONTCLAIRE.LOCAL
krb5_store_password_if_offline = True
cache_credentials = True

-- Logs begin at Wed 2017-08-16 16:08:51 EDT. --
Aug 19 14:18:29 kitten.montclaire.local systemd[1]: Starting Hostname Service...
Aug 19 14:18:29 kitten.montclaire.local dbus-daemon[682]: [system] Successfully activated service 'org.freedesktop.hostname1'
Aug 19 14:18:29 kitten.montclaire.local systemd[1]: Started Hostname Service.
Aug 19 14:18:29 kitten.montclaire.local audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 19 14:18:59 kitten.montclaire.local audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 19 14:19:29 kitten.montclaire.local su[4298]: pam_unix(su:session): session closed for user louisgtwo
Aug 19 14:19:29 kitten.montclaire.local audit[4298]: USER_END pid=4298 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:19:29 kitten.montclaire.local audit[4298]: CRED_DISP pid=4298 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:19:37 kitten.montclaire.local audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-lvmetad comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 19 14:19:58 kitten.montclaire.local NetworkManager[759]: <info> [1503166798.4364] device (wlp2s0): supplicant interface state: inactive -> scanning
Aug 19 14:20:10 kitten.montclaire.local chronyd[723]: Source 2607:fa18::2406 replaced with 2604:4500:0:2ec:7555:eb61:4c4d:3276
Aug 19 14:20:28 kitten.montclaire.local dbus-daemon[682]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service' requested by ':1.188' (uid=0 pid=4659 comm="su louisgtwo " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Aug 19 14:20:28 kitten.montclaire.local systemd[1]: Starting Fingerprint Authentication Daemon...
Aug 19 14:20:28 kitten.montclaire.local dbus-daemon[682]: [system] Successfully activated service 'net.reactivated.Fprint'
Aug 19 14:20:28 kitten.montclaire.local audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 19 14:20:28 kitten.montclaire.local systemd[1]: Started Fingerprint Authentication Daemon.
Aug 19 14:20:36 kitten.montclaire.local audit[4659]: USER_AUTH pid=4659 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_succeed_if,pam_localuser,pam_unix acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:20:36 kitten.montclaire.local audit[4659]: USER_ACCT pid=4659 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:20:36 kitten.montclaire.local su[4659]: (to louisgtwo) louisgtwo on pts/1
Aug 19 14:20:36 kitten.montclaire.local audit[4659]: CRED_ACQ pid=4659 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:20:36 kitten.montclaire.local su[4659]: pam_systemd(su:session): Cannot create session: Already occupied by a session
Aug 19 14:20:36 kitten.montclaire.local su[4659]: pam_unix(su:session): session opened for user louisgtwo by (uid=1000)
Aug 19 14:20:36 kitten.montclaire.local audit[4659]: USER_START pid=4659 uid=1000 auid=1000 ses=7 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss acct="louisgtwo" exe="/usr/bin/su" hostname=kitten.montclaire.local addr=? terminal=pts/1 res=success'
Aug 19 14:20:58 kitten.montclaire.local audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

sssd_files.log.gz
Description: GNU Zip compressed data
sssd_pam.log.gz
Description: GNU Zip compressed data
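
The comparison made in this message (pam_sss reporting success in one journal, only pam_unix and pam_localuser granting authentication in the other) can be read out of a captured journal mechanically. The following is an added example, not part of the original thread and not SSSD code; the function names are hypothetical and the sample lines are shortened or constructed as marked.

```python
import re

# PAM audit record as printed by journalctl (field order as in the USER_AUTH lines above).
AUDIT_RE = re.compile(
    r"audit\[(?P<pid>\d+)\]: (?P<type>[A-Z_]+) .*?msg='op=PAM:(?P<op>\w+) "
    r'grantors=(?P<grantors>[\w,?]+) acct="(?P<acct>[^"]*)" '
    r'exe="(?P<exe>[^"]*)".*?res=(?P<res>\w+)'
)
# Per-module syslog line, e.g. "su[32502]: pam_sss(su-l:auth): authentication success; ..."
MODULE_RE = re.compile(
    r"\w+\[(?P<pid>\d+)\]: (?P<module>pam_\w+)\([\w-]+:auth\): "
    r"authentication (?P<result>success|failure)"
)

def auth_summary(lines):
    """Map pid -> which PAM modules took part in the authentication step."""
    out = {}
    for line in lines:
        m = AUDIT_RE.search(line)
        if m and m["op"] == "authentication":
            grantors = m["grantors"].split(",")
            out.setdefault(m["pid"], {"modules": {}}).update(
                acct=m["acct"], exe=m["exe"], res=m["res"],
                grantors=grantors, via_sssd="pam_sss" in grantors)
            continue
        m = MODULE_RE.search(line)
        if m:
            out.setdefault(m["pid"], {"modules": {}})["modules"][m["module"]] = m["result"]
    return out

def local_only(summary):
    """Pids whose authentication succeeded without pam_sss among the grantors."""
    return sorted(p for p, e in summary.items()
                  if e.get("res") == "success" and not e.get("via_sssd"))

# Sample input: shortened from the lines in this thread; the audit record for
# pid 32502 is constructed (hypothetical) to show the pam_sss case.
SAMPLE = [
    "Aug 19 14:20:36 kitten.montclaire.local audit[4659]: USER_AUTH pid=4659 uid=1000 "
    "auid=1000 ses=7 msg='op=PAM:authentication grantors=pam_succeed_if,pam_localuser,"
    'pam_unix acct="louisgtwo" exe="/usr/bin/su" terminal=pts/1 res=success\'',
    "Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure;",
    "Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success;",
    "Aug 19 10:59:20 host.example.com audit[32502]: USER_AUTH pid=32502 uid=1000 "
    'msg=\'op=PAM:authentication grantors=pam_sss acct="test_user" exe="/usr/bin/su" res=success\'',
]
```

Feeding it the lines of my_journal_output.log and calling local_only() on the result lists the logins that the local PAM modules satisfied before pam_sss was consulted.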