On Thu, Feb 20, 2020 at 08:59:01AM -0000, Sunil via FreeIPA-users
wrote:
Hi,
please check
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how
to enable debugging in SSSD. There are also common issues described.
Since there is a 'permission denied' error, I wonder if you already had
some HBAC rules enabled and disabled the 'allow_all' rule?
bye,
Sumit
Thx Sumit for views
HBAC rules enabled : allow_all
This is the sssd logs I get :
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [dp_pam_handler] (0x0100): Got request
with the following data
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): command:
SSS_PAM_CHAUTHTOK
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): domain:
sunil.lan
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): user:
skumar(a)sunil.lan
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): service: sshd
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): tty: ssh
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): ruser:
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): rhost:
127.0.0.1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): authtok type:
1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): newauthtok
type: 1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): priv: 1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): cli_pid:
21631
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): logon name:
not set
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0200):
Found address for server ipa.sunil.lan: [10.0.9.229] TTL 7200
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ipa.sunil.lan' as 'not working'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0100): Resetting the
status of port 0 for server '(no name)'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is neutral
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_getsrv_send] (0x0100): Trying to
resolve SRV record of '_ldap._tcp.sunil.lan'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [child_sig_handler] (0x0100): child
[21639] finished successfully.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_discover_srv_done] (0x0040): SRV
query failed [4]: Domain name not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking
port 0 of server '(no name)' as 'not working'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_done] (0x0040): Unable to
resolve SRV [1432158236]: SRV record not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [set_srv_data_status] (0x0100): Marking
SRV lookup of service 'IPA' as 'not resolved'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0080):
Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158236]: SRV
record not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0020): No
available servers for service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_run_offline_cb] (0x0080): Going
offline. Running callbacks.