[SSSD-users] FreeIPA/SSSD sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]

Anthony Joseph Messina Wed, 31 Jan 2018 10:33:07 -0800

In a Fedora 27 FreeIPA-4.6 domain with the following sssd.conf, I regularly
get the followin error:


sssd_nss[2603]: The Data Provider returned an error 
[org.freedesktop.sssd.Error.DataProvider.Fatal]

Increasing the sssd debug level reveals that the fatal error seems to be raised
by the lookup in the implicit_files domain which doesn't contain this GID.

While this happens on all my FreeIPA clients, this particular host is a 
mailserver
postfix and cyrus-imap with saslsuthd/pam authentication so the number of user
lookups is far higher and the error occurs with considerable frequency.

Do I have a misconfiguration here or is there a problem with implicit_domain
and GID lookups?  It doesn't seem like this should be a fatal error when the
GID exists in the example.com FreeIPA/SSSD domain.

# /etc/nsswitch.conf (snippet)
passwd:     sss files mymachines systemd
shadow:     files sss
group:      sss files mymachines systemd

# /etc/sssd/sssd.conf
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = host.example.com
chpass_provider = ipa
ipa_server = _srv_, ipa-master.ipa.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh, ifp

domains = example.com
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
allowed_uids = apache, root

[secrets]

# Relevant sssd_nss debug logs
Jan 30 18:22:48 sssd_nss[2603]: Input ID: 1111100001
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: New request 'Group by ID'
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Performing a multi-domain search
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Search will check the cache and 
check the data provider
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Using domain [implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
GID:1111100001@implicit_files
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Checking negative cache for 
[GID:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: [GID:1111100001@implicit_files] is 
not present in negative cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
[GID:1111100001@implicit_files] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Object 
[GID:1111100001@implicit_files] was not found in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
[GID:1111100001@implicit_files] in data provider
Jan 30 18:22:48 sssd_nss[2603]: Issuing request for 
[0x56200cc04250:2:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: Creating request for 
[implicit_files][0x2][BE_REQ_GROUP][idnumber=1111100001:-]
Jan 30 18:22:48 sssd_nss[2603]: Entering request 
[0x56200cc04250:2:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: Input ID: 1111100001
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: New request 'Group by ID'
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Performing a multi-domain search
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Search will check the cache and 
check the data provider
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Using domain [implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
GID:1111100001@implicit_files
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Checking negative cache for 
[GID:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: [GID:1111100001@implicit_files] is 
not present in negative cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
[GID:1111100001@implicit_files] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Object 
[GID:1111100001@implicit_files] was not found in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
[GID:1111100001@implicit_files] in data provider
Jan 30 18:22:48 sssd_nss[2603]: Issuing request for 
[0x56200cc04250:2:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: Identical request in progress: 
[0x56200cc04250:2:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: The Data Provider returned an error 
[org.freedesktop.sssd.Error.DataProvider.Fatal]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Data Provider Error: 3, 5, Failed 
to get reply from Data Provider
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Due to an error we will return 
cached data
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
[GID:1111100001@implicit_files] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Object 
[GID:1111100001@implicit_files] was not found in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Using domain [example.com]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
GID:1111100...@example.com
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Checking negative cache for 
[GID:1111100...@example.com]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: [GID:1111100...@example.com] is not 
present in negative cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Looking up 
[GID:1111100...@example.com] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Returning 
[GID:1111100...@example.com] from cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Filtering out results by negative 
cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Data Provider Error: 3, 5, Failed 
to get reply from Data Provider
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Due to an error we will return 
cached data
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
[GID:1111100001@implicit_files] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Object 
[GID:1111100001@implicit_files] was not found in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Using domain [example.com]
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
GID:1111100...@example.com
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Checking negative cache for 
[GID:1111100...@example.com]
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: [GID:1111100...@example.com] is not 
present in negative cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Looking up 
[GID:1111100...@example.com] in cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Returning 
[GID:1111100...@example.com] from cache
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Filtering out results by negative 
cache
Jan 30 18:22:48 sssd_nss[2603]: Deleting request: 
[0x56200cc04250:2:1111100001@implicit_files]
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Found 1 entries in domain 
example.com
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Found 1 entries in domain 
example.com
Jan 30 18:22:48 sssd_nss[2603]: CR #134773: Finished: Success
Jan 30 18:22:48 sssd_nss[2603]: Domain example.com is Active
Jan 30 18:22:48 sssd_nss[2603]: Domain implicit_files is Active
Jan 30 18:22:48 sssd_nss[2603]: Domain example.com is Active
Jan 30 18:22:48 sssd_nss[2603]: CR #134774: Finished: Success

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
F9B6 560E 68EA 037D 8C3D  D1C9 FF31 3BDB D9D8 99B6

signature.asc
Description: This is a digitally signed message part.

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] FreeIPA/SSSD sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]

Reply via email to