On Fri, Feb 21, 2020 at 12:32:54PM -0000, Sunil Phogat via FreeIPA-users wrote:
> On Thu, Feb 20, 2020 at 08:59:01AM -0000, Sunil via
FreeIPA-users wrote:
>
> Hi,
>
> please check
>
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html to see how
> to enable debugging in SSSD. There are also common issues described.
>
> Since there is a 'permission denied' error, I wonder if you already had
> some HBAC rules enabled and disabled the 'allow_all' rule?
>
> bye,
> Sumit
Thx Sumit for views
HBAC rules enabled : allow_all
This is the sssd logs I get :
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [dp_pam_handler] (0x0100): Got request
with the following data
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): command:
SSS_PAM_CHAUTHTOK
Hi,
this is a request trying to change the password, this is typically not
related to authentication.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data]
(0x0100): domain: sunil.lan
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): user:
skumar(a)sunil.lan
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): service:
sshd
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): tty: ssh
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): ruser:
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): rhost:
127.0.0.1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): authtok type:
1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): newauthtok
type: 1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): priv: 1
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): cli_pid:
21631
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [pam_print_data] (0x0100): logon name:
not set
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0200):
Found address for server ipa.sunil.lan: [10.0.9.229] TTL 7200
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ipa.sunil.lan' as 'not working'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0100): Resetting
the status of port 0 for server '(no name)'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is neutral
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_getsrv_send] (0x0100): Trying to
resolve SRV record of '_ldap._tcp.sunil.lan'
Looks like DNS is not configured properly, are you using the DNS server
integrated in FreeIPA or an external one?
bye,
Sumit
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [child_sig_handler]
(0x0100): child [21639] finished successfully.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolv_discover_srv_done] (0x0040): SRV
query failed [4]: Domain name not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_set_port_status] (0x0100): Marking
port 0 of server '(no name)' as 'not working'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [resolve_srv_done] (0x0040): Unable to
resolve SRV [1432158236]: SRV record not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [set_srv_data_status] (0x0100): Marking
SRV lookup of service 'IPA' as 'not resolved'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_resolve_server_process] (0x0080):
Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158236]: SRV
record not found
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [get_port_status] (0x0080): SSSD is
unable to complete the full connection request, this internal status does not necessarily
indicate network port issues.
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [fo_resolve_service_send] (0x0020): No
available servers for service 'IPA'
(Fri Feb 21 07:28:25 2020) [sssd[be[sunil.lan]]] [be_run_offline_cb] (0x0080): Going
offline. Running callbacks.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...