[SSSD-users] Re: System error with free-ipa on login

Thu, 15 Feb 2018 07:41:38 -0800 

The selinux_child failed:
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [seuser_needs_update] 
(0x2000): getseuserbyname: ret: 0 seuser: unconfined_u mls: unknown             
                                                                             
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] 
(0x0020): could not cache policy database                                       
                                                                                
     
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] 
(0x0020): could not cache join database                                         
                                                                                
     
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] 
(0x0020): could not enter read-only section                                     
                                                                                
     
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [libsemanage] 
(0x0020): Error while reading kernel policy from 
/var/lib/selinux/targeted/active/policy.linked.                                 
                                    
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [set_seuser] 
(0x0020): Cannot commit SELinux transaction                                     
                                                                                
      
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): 
Cannot set SELinux login context.                                               
                                                                                
  
(Thu Feb 15 11:18:05 2018) [[sssd[selinux_child[20961]]]] [main] (0x0020): 
selinux_child failed! 

What is 'sestatus' telling you? If you don't use the SELInux login mapping, you 
can set selinux_provider=none to work around tihs.

On Thu, Feb 15, 2018 at 09:45:43AM -0000, Iaroslav  wrote:
> it happened again with one of our server after power lost.
> 
> full logs of all sections with debug_level=10
> https://drive.google.com/open?id=1Yq2EQ0W9kSz7NhbrB-sv9EkQ2WD4mdXL
> 
> sssctl user-checks test1
> user: test1
> action: acct
> service: system-auth
> 
> SSSD nss user lookup result:
>  - user name: test1
>  - user id: 1400000070
>  - group id: 1400000070
>  - gecos: test1 test
>  - home directory: /home/test1
>  - shell: /bin/bash
> 
> SSSD InfoPipe user lookup result:
>  - name: test1
>  - uidNumber: 1400000070
>  - gidNumber: 1400000070
>  - gecos: test1 test
>  - homeDirectory: /home/test1
>  - loginShell: /bin/bash
> 
> testing pam_acct_mgmt
> 
> pam_acct_mgmt: Permission denied
> 
> PAM Environment:
>  - no env -
> 
>  
> sssctl user-checks pontostroy
> user: pontostroy
> action: acct
> service: system-auth
> 
> SSSD nss user lookup result:
>  - user name: pontostroy
>  - user id: 1400000014
>  - group id: 1400000014
>  - gecos: Iaroslav Andrusyak
>  - home directory: /home/pontostroy
>  - shell: /bin/bash
> 
> SSSD InfoPipe user lookup result:
>  - name: pontostroy
>  - uidNumber: 1400000014
>  - gidNumber: 1400000014
>  - gecos: Iaroslav Andrusyak
>  - homeDirectory: /home/pontostroy
>  - loginShell: /bin/bash
> 
> testing pam_acct_mgmt
> 
> pam_acct_mgmt: System error
> 
> PAM Environment:
>  - no env -
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to