I am running CentOS 6.4 and I have sssd-1.9.2-82 installed. I would like to log into my machine by querying an OpenLDAP server running elsewhere. The big difference from the normal sssd setup is that I only want to use the local Unix accounts (/etc/passwd and /etc/shadow) if my LDAP server is offline.
So how do I do this? Should I be able to do all of this through PAM? Either way, the issue I am seeing with sssd is the return value of PAM when sssd can't connect to my LDAP server. It always returns 'user_unknown' instead of 'authinfo_unavail' as I would expect. Am I configuring something incorrectly?
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [be_get_account_info] (0x0100): Got request for [3][1][name=user]
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x196b8f0
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x196c2b0
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Destroying timer event 0x196c2b0 "ltdb_timeout"
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Ending timer event 0x196b8f0 "ltdb_callback"
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [sbus_dispatch] (0x4000): dbus conn: 1964B00
(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [sbus_dispatch] (0x4000): Dispatching.
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6cc030][19]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6cc030][19]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6cc030][19]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'user' matched without domain, user is user
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): user: user
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): rhost: test-server
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): authtok size: 8
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): newauthtok size: 0
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 10665
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/user]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41b300:3:user@default]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][3][1][name=user]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x6cdf20
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41b300:3:user@default]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x6cdf20
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 6C8DE0
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Offline
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 1, 11, Offline
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [user@default]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6d7360
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x6d7480
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x6d7480 "ltdb_timeout"
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x6d7360 "ltdb_callback"
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_check_user_search] (0x0080): No matching domain found for [user], fail!
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_reply] (0x0100): blen: 8
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41b300:3:user@default]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6cc030][19]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x6cc030][19]
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [client_recv] (0x0200): Client disconnected!
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x6cc030][19]
I tried to provide only the portions of files that I found relevant. I can provide more upon request.
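An added example, not part of the original post: a small Python triage script that reads sssd PAM responder debug lines like the ones above and reports, per request, whether the Data Provider was offline and which PAM code `pam_reply` returned. The names `summarize` and `masked_outage` are hypothetical; the numeric codes are the Linux-PAM values (9 is `PAM_AUTHINFO_UNAVAIL`, 10 is `PAM_USER_UNKNOWN`).

```python
import re

# Linux-PAM return codes (values from Linux-PAM's _pam_types.h).
PAM_CODES = {0: "PAM_SUCCESS", 7: "PAM_AUTH_ERR",
             9: "PAM_AUTHINFO_UNAVAIL", 10: "PAM_USER_UNKNOWN"}

# Matches sssd debug lines written by the PAM responder only.
LINE = re.compile(r"^\([^)]+\) \[sssd\[pam\]\] \[(\w+)\] \(0x[0-9a-f]+\): (.*)$")

# Lines excerpted from the log in the post above.
SAMPLE = """\
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): user: user
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_print_data] (0x0100): service: sshd
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Offline
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_check_user_search] (0x0080): No matching domain found for [user], fail!
(Tue Mar 18 19:09:52 2014) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
"""

def summarize(log_text):
    """Return one dict per PAM request: user, service, offline flag, PAM result."""
    requests, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        func, msg = m.groups()
        if func == "pam_print_data":
            key, _, val = msg.partition(":")
            if key == "command":  # first field printed for each request
                cur = {"command": val.strip(), "user": None, "service": None,
                       "offline": False, "result": None, "masked_outage": False}
            elif cur is not None and key in ("user", "service"):
                cur[key] = val.strip()
        elif cur is None:
            continue
        elif func == "sss_dp_get_reply" and "error message: Offline" in msg:
            cur["offline"] = True
        elif func == "pam_reply":
            found = re.search(r"result \[(\d+)\]", msg)
            if found:
                code = int(found.group(1))
                cur["result"] = PAM_CODES.get(code, "PAM code %d" % code)
                # Backend was offline, yet the client was told "user unknown".
                cur["masked_outage"] = cur["offline"] and code == 10
                requests.append(cur)
                cur = None
    return requests

if __name__ == "__main__":
    for req in summarize(SAMPLE):
        print(req)
```

Run against a full `sssd_pam.log`, a request with `masked_outage` set is one where the backend was unreachable but the PAM stack received `PAM_USER_UNKNOWN`, which is the case the post describes.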