On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote:
On (19/05/17 12:07), Joakim Tjernlund wrote:
> On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote:
> > On (19/05/17 11:31), Joakim Tjernlund wrote:
> > > On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote:
> > > > On (19/05/17 10:37), Joakim Tjernlund wrote:
> > > > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote:
> > > > > > I can understand the first unlock from waking up from
sleep. For the second, bump your debug_level in sssd.conf up to 7 and then check to see
if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the
second login attempt from the lock screen. You should be able to see if it is using
cached creds or actively trying to parse the domain server.
> > > > > > Can you paste your sssd.conf also?
> > > > >
> >
> > But renew failed and sssd went offline.
> >
> > Could you truncate sssd log file (truncate -s 0 /var/log/sssd/*)
> > Then try to reproduce one more time and provide not only domain log file but
> > also *child log files.
>
> Did that but I did not get a child log file at all.
>
If you can see debug messages from following functions
write_pipe_handler
read_pipe_handler
parse_krb5_child_response
Then krb5_child was executed. And there will be non-empty file
/var/log/sssd/krb5_child.log.
I can see:
se-jocke-lx sssds # grep write_pipe_handler *
sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]]
[write_pipe_handler] (0x0400): All
data has been sent!
se-jocke-lx sssds # grep read_pipe_handler *
sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]]
[read_pipe_handler] (0x0400): EOF
received, client finished
se-jocke-lx sssds # grep parse_krb5_child_response *
sssd_infinera.com.log:(Fri May 19 13:45:06 2017) [sssd[be[infinera.com]]]
[parse_krb5_child_response]
(0x1000): child response [0][3][33].
but only these files:
ls
./ ../ sssd_infinera.com.log sssd.log sssd_nss.log sssd_pam.log
to start debug logging I did a:
# > sss_debuglevel 7
should I do something more?
> > Attachments or pastebin are usually better
> > then direct inclusion of log into mail.
>
> Sure, will attach next time
Looking forward to new log files :-)
Yes, but ATM I don't have anything new to add :(