> On Thu, Mar 12, 2020 at 03:13:57PM -0000, Hristina Marosevic wrote:
> 
> Hi,
> 
> the file should be in the SSSD log directory, so typically
> /var/log/sssd/p11_child.log.
> 
> Since it does not exist, p11_child was not called to validate the
> certificates. In this case sssd_ssh.log is the only source of
> information. Feel free to send the file or the part of the log file
> which covers the time where sss_ssh_authorized_keys was called.
> 
> bye,
> Sumit



Hello,

command: /usr/bin/sss_ssh_authorizedkeys IIN32000000001

output:
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [get_client_cred] (0x4000): Client 
creds: euid[0] egid[0] pid[24441].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [get_client_cred] (0x0080): The 
following failure is expected to happen in case SELinux is disabled:
SELINUX_getpeercon failed [92][Protocol not available].
Please, consider enabling SELinux in your system.
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [setup_client_idle_timer] (0x4000): Idle 
timer re-set for client [0x55e6a3217350][18]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [accept_fd_handler] (0x0400): Client 
connected!
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received 
client version [0].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered 
version [0].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ssh_protocol_parse_request] (0x0400): 
Requested domain [<ALL>]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ssh_cmd_get_user_pubkeys] (0x0400): 
Requesting SSH user public keys for [IIN32000000001] from [<ALL>]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_set_plugin] (0x2000): CR #0: 
Setting "User by name" plugin
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_send] (0x0400): CR #0: New 
request 'User by name'
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_process_input] (0x0400): CR 
#0: Parsing input name [IIN32000000001]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200): 
name 'IIN32000000001' matched without domain, user is IIN32000000001
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_set_name] (0x0400): CR #0: 
Setting name [IIN32000000001]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_select_domains] (0x0400): CR 
#0: Performing a multi-domain search
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_domains] (0x0400): CR 
#0: Search will check the cache and check the data provider
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_validate_domain_type] 
(0x2000): Request type POSIX-only for domain LDAP type POSIX is valid
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_set_domain] (0x0400): CR #0: 
Using domain [LDAP]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_prepare_domain_data] 
(0x0400): CR #0: Preparing input data for domain [LDAP] rules
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_send] (0x0400): CR #0: 
Looking up IIN32000000001@ldap
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_ncache] (0x0400): CR 
#0: Checking negative cache for [IIN32000000001@ldap]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for [NCE/USER/LDAP/IIN32000000001@ldap]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_ncache] (0x0400): CR 
#0: [IIN32000000001@ldap] is not present in negative cache
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_cache] (0x0400): CR 
#0: Looking up [IIN32000000001@ldap] in cache
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x55e6a321fcd0

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x55e6a321fda0

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Running timer event 
0x55e6a321fcd0 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a321fda0 "ltdb_timeout"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a321fcd0 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x55e6a321fc00

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x55e6a321fcd0

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Running timer event 
0x55e6a321fc00 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a321fcd0 "ltdb_timeout"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a321fc00 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_send] (0x0400): CR #0: 
Returning [IIN32000000001@ldap] from cache
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_search_ncache_filter] 
(0x0400): CR #0: This request type does not support filtering result by 
negative cache
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_create_and_add_result] 
(0x0400): CR #0: Found 1 entries in domain LDAP
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_done] (0x0400): CR #0: 
Finished: Success
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x55e6a3223080

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x55e6a3223150

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Running timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223150 "ltdb_timeout"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x55e6a3223080

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x55e6a3223150

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Running timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223150 "ltdb_timeout"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x55e6a3223080

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x55e6a3223150

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Running timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223150 "ltdb_timeout"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ldb] (0x4000): Destroying timer event 
0x55e6a3223080 "ltdb_callback"

(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [child_handler_setup] (0x2000): Setting 
up signal handler up for pid [24442]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [child_handler_setup] (0x2000): Signal 
handler set up for pid [24442]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [child_sig_handler] (0x1000): Waiting 
for child [24442].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [child_sig_handler] (0x0020): child 
[24442] failed with status [1].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cert_to_ssh_key_done] (0x0040): 
/usr/libexec/sssd/p11_child failed with status [256]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cert_to_ssh_key_done] (0x0080): 
Certificate 
 is not valid.
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ssh_protocol_done] (0x4000): Sending 
reply: success
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [client_recv] (0x0200): Client 
disconnected!
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [client_close_fn] (0x2000): Terminated 
client [0x55e6a3217350][18]

In /etc/sssd/sssd.conf, certificate verification and OCSP are disabled:
"certificate_verification = no_ocsp, no_verification" is added in the [sssd]
section of the SSSD configuration file.


BR,
Hristina
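
Added example, not part of the original message or of SSSD: a small triage script for output like the sssd_ssh.log excerpt above. It re-joins the mail-wrapped lines, keeps only records whose debug level is one of the failure levels (0x0010 to 0x0080), and decodes child statuses. Treating the [256] value as a raw wait status is an interpretation; it decodes to exit code 1, which agrees with the [1] logged by child_sig_handler. The sample lines are constructed in the shape of the log above.

```python
import re

# Constructed sample in the shape of the excerpt above, including mail wrapping.
SAMPLE = """\
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cache_req_done] (0x0400): CR #0:
Finished: Success
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [child_sig_handler] (0x0020): child
[24442] failed with status [1].
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [cert_to_ssh_key_done] (0x0040):
/usr/libexec/sssd/p11_child failed with status [256]
(Tue Mar 17 10:39:34 2020) [sssd[ssh]] [ssh_protocol_done] (0x4000): Sending
reply: success
"""

# A record starts with a full timestamp; "(0x2000): ..." continuation lines do not.
START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) ")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>\S+)\] \[(?P<func>\w+)\] "
                    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
FAILURE_MASK = 0x0010 | 0x0020 | 0x0040 | 0x0080  # fatal, critical, serious, minor

def records(text):
    """Re-join wrapped lines and yield (func, level, msg) for each log record."""
    buf = []
    for line in text.splitlines() + [None]:
        if line is None or START.match(line):
            m = RECORD.match(" ".join(buf)) if buf else None
            if m:
                yield m["func"], int(m["level"], 16), m["msg"]
            buf = []
        if line and line.strip():
            buf.append(line.strip())

def exit_code(wait_status):
    """Decode a raw wait(2) status; None if the child did not exit normally."""
    return (wait_status >> 8) & 0xFF if (wait_status & 0x7F) == 0 else None

def failures(text):
    """Return (func, level, exit_code, msg) for every failure-level record."""
    out = []
    for func, level, msg in records(text):
        if level & FAILURE_MASK:
            m = re.search(r"failed with status \[(\d+)\]", msg)
            status = int(m.group(1)) if m else None
            # Assumption: values above 255 are raw wait statuses, not exit codes.
            code = exit_code(status) if status is not None and status > 255 else status
            out.append((func, f"{level:#06x}", code, msg))
    return out

if __name__ == "__main__":
    for row in failures(SAMPLE):
        print(row)
```

To run it over a real log, pass the contents of /var/log/sssd/sssd_ssh.log to failures() instead of SAMPLE.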