On Tue, May 01, 2018 at 01:53:48PM +0200, cedric hottier wrote:
Dear sssd users,
I observe that at each sssd start, the credentials cache is cleared. Is it
an expected behavior ?
If yes, is there a parameter to make this caching permanent (or at least
not erased at each sssd restart ).
My issue is that If I reboot my laptop without connection to my KDC, I am
not able to log due to [sysdb_cache_auth] cached credentials not available.
here is my config : Debian testing / SSD version : 1.16.1
/etc/sssd/sssd.conf :
[sssd]
services = nss, pam, ifp
domains = ECCM.LAN
[pam]
pam_verbosity = 2
offline_credentials_expiration = 0
/etc/sssd/conf.d/01_ECCM_LAN.conf
[domain/ECCM.LAN]
debug_level = 10
id_provider = files
I'm afraid this is a known bug with id_provider=files. I was looking
into fixing this last week, but I don't have a patch yet.
In the meantime, you can use:
id_provider=proxy
proxy_lib_name=files
I think that should work in the meantime..
auth_provider = krb5
krb5_server = DebianCubox.eccm.lan
krb5_realm = ECCM.LAN
krb5_validate = true
krb5_ccachedir = /var/tmp
krb5_keytab = /etc/krb5.keytab
krb5_store_password_if_offline = true
cache_credentials = true
After a fresh reboot, I am able to log in only if the krb5_server is
available.
As long as I do not restart the sssd daemon, I am able to log in.
The credentials caching seems to work properly as I see
" Authenticated with cache credentials " at each TTY console just before
the usual loggin message.
But If restart the sssd daemon while disconnected from the network, I am
not able to log in anymore. The credentials cache seems to have been
cleared.
Here is the /var/log/sssd/krb5_child.log
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [main] (0x0400):
krb5_child started.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x1000): total buffer size: [128]
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1000] gid [1000] validate [true] enterprise
principal [false] offline [true] UPN [cedric(a)ECCM.LAN]
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x2000): No old ccache
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/var/tmp/krb5cc_1000_XXXXXX] old_ccname: [not set]
keytab: [/etc/krb5.keytab]
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [check_use_fast]
(0x0100): Not using FAST.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]]
[privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [become_user]
(0x0200): Trying to become user [1000][1000].
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [main] (0x2000):
Running as [1000][1000].
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [become_user]
(0x0200): Trying to become user [1000][1000].
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [become_user]
(0x0200): Already user [1000].
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [k5c_setup] (0x2000):
Running as [1000][1000].
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]]
[set_lifetime_options] (0x0100): No specific renewable lifetime requested.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]]
[set_lifetime_options] (0x0100): No specific lifetime requested.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [main] (0x0400): Will
perform offline auth
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [create_empty_ccache]
(0x1000): Creating empty ccache
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [create_empty_cred]
(0x2000): Created empty krb5_creds.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [create_ccache]
(0x4000): Initializing ccache of type [FILE]
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [create_ccache]
(0x4000): returning: 0
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [k5c_send_data]
(0x0200): Received error code 0
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]]
[pack_response_packet] (0x2000): response packet size: [56]
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [main] (0x0400):
krb5_child completed successfully
On /var/log/sssd/sssd_ECCM_LAN.log :
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_dispatch] (0x4000):
dbus conn: 0x560ea04b4be0
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_dispatch] (0x4000):
Dispatching.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_message_handler]
(0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][name=files_initgr_request]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sss_domain_get_state]
(0x1000): Domain ECCM.LAN is Active
...
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_attach_req] (0x0400):
DP Request [Initgroups #2]: New request. Flags [0x0001].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sss_domain_get_state]
(0x1000): Domain ECCM.LAN is Active
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[files_account_info_handler_send] (0x1000): The files domain no longer
needs an update
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_done] (0x0400): DP
Request [Initgroups #2]: Request handler finished [0]: Succès
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [_dp_req_recv] (0x0400): DP
Request [Initgroups #2]: Receiving request data.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_reply_list_success]
(0x0400): DP Request [Initgroups #2]: Finished. Success.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #2]: Returning [Success]: 0,0,Success
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_table_value_destructor]
(0x0400): Removing [0:1:0x0001:3::ECCM.LAN:name=files_initgr_request] from
reply table
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_destructor]
(0x0400): DP Request [Initgroups #2]: Request removed.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_dispatch] (0x4000):
dbus conn: 0x560ea04b4be0
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_dispatch] (0x4000):
Dispatching.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_message_handler]
(0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
on path /org/freedesktop/sssd/dataprovider
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sbus_get_sender_id_send]
(0x2000): Not a sysbus message, quit
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_pam_handler] (0x0100):
Got request with the following data
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
command: SSS_PAM_AUTHENTICATE
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
domain: ECCM.LAN
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
user: cedric(a)eccm.lan
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
service: login
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
tty: /dev/tty2
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
ruser:
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
rhost:
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
authtok type: 1
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
newauthtok type: 0
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
priv: 1
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
cli_pid: 8940
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [pam_print_data] (0x0100):
logon name: not set
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_attach_req] (0x0400):
DP Request [PAM Authenticate #3]: New request. Flags [0000].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_attach_req] (0x0400):
Number of active DP request: 1
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sss_domain_get_state]
(0x1000): Domain ECCM.LAN is Active
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_auth_queue_send]
(0x1000): Wait queue of user [cedric(a)eccm.lan] is empty, running request
[0x560ea0455cc0] immediately.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_setup] (0x4000): No
mapping for: cedric(a)eccm.lan
...
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_get_simple_upn]
(0x4000): Using simple UPN [cedric(a)ECCM.LAN].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [check_ccache_re] (0x1000):
Ccache directory name [/var/tmp] does not contain illegal patterns.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [check_ccache_re] (0x1000):
Ccache directory name [FILE:/var/tmp/krb5cc_1000_XXXXXX] does not contain
illegal patterns.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user
[cedric(a)eccm.lan] found.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'KERBEROS'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [get_server_status]
(0x1000): Status of server 'DebianCubox.eccm.lan' is 'name not resolved'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [get_port_status] (0x1000):
Port status of port 0 for server 'DebianCubox.eccm.lan' is 'neutral'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [get_server_status]
(0x1000): Status of server 'DebianCubox.eccm.lan' is 'name not resolved'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_is_address]
(0x4000): [DebianCubox.eccm.lan] does not look like an IP address
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_gethostbyname_step]
(0x2000): Querying files
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'DebianCubox.eccm.lan' in files
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [set_server_common_status]
(0x0100): Marking server 'DebianCubox.eccm.lan' as 'resolving name'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_gethostbyname_step]
(0x2000): Querying files
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record
of 'DebianCubox.eccm.lan' in files
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_gethostbyname_next]
(0x0200): No more address families to retry
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_gethostbyname_step]
(0x2000): Querying DNS
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'DebianCubox.eccm.lan' in DNS
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [schedule_request_timeout]
(0x2000): Scheduling a timeout of 6 seconds
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [schedule_timeout_watcher]
(0x2000): Scheduling DNS timeout watcher
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [resolv_gethostbyname_done]
(0x0040): querying hosts database failed [5]: Erreur d'entrée/sortie
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [fo_resolve_service_done]
(0x0020): Failed to resolve server 'DebianCubox.eccm.lan': Could not
contact DNS servers
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [set_server_common_status]
(0x0100): Marking server 'DebianCubox.eccm.lan' as 'not working'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_resolve_server_process]
(0x0080): Couldn't resolve server (DebianCubox.eccm.lan), resolver returned
[5]: Erreur d'entrée/sortie
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_resolve_server_process]
(0x1000): Trying with the next one!
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'KERBEROS'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [get_server_status]
(0x1000): Status of server 'DebianCubox.eccm.lan' is 'not working'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [get_server_status]
(0x1000): Status of server 'DebianCubox.eccm.lan' is 'not working'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [fo_resolve_service_send]
(0x0020): No available servers for service 'KERBEROS'
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_resolve_server_done]
(0x1000): Server resolution failed: [5]: Erreur d'entrée/sortie
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_mark_dom_offline]
(0x1000): Marking back end offline
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_mark_offline] (0x2000):
Going offline!
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_mark_offline] (0x2000):
Initialize check_if_online_ptask.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [ldb] (0x4000): Added timed
event "ltdb_callback": 0x560ea048ceb0
...
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_ptask_create] (0x0400):
Periodic task [Check if online (periodic)] was created
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 73 seconds
from now [1525171017]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [8942]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [8942]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [child_sig_handler]
(0x1000): Waiting for child [8942].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [child_sig_handler]
(0x0100): child [8942] finished successfully.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [parse_krb5_child_response]
(0x1000): child response [0][3][44].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_mod_ccname] (0x4000):
Save ccname [FILE:/var/tmp/krb5cc_1000_IBmIM5] for user [cedric(a)eccm.lan].
....
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]]
[check_failed_login_attempts] (0x4000): Failed login attempts [0], allowed
failed login attempts [0], failed login delay [5].
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [sysdb_cache_auth]
(0x0100): Cached credentials not available.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [ldb] (0x4000): cancel ldb
transaction (nesting: 0)
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_auth_cache_creds]
(0x0020): Offline authentication failed
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [check_wait_queue]
(0x1000): Wait queue for user [cedric(a)eccm.lan] is empty.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [krb5_auth_queue_done]
(0x1000): krb5_auth_queue request [0x560ea0455cc0] done.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_done] (0x0400): DP
Request [PAM Authenticate #3]: Request handler finished [0]: Succès
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [_dp_req_recv] (0x0400): DP
Request [PAM Authenticate #3]: Receiving request data.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_destructor]
(0x0400): DP Request [PAM Authenticate #3]: Request removed.
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_req_destructor]
(0x0400): Number of active DP request: 0
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_method_enabled]
(0x0400): Target selinux is not configured
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [dp_pam_reply] (0x1000): DP
Request [PAM Authenticate #3]: Sending result [6][ECCM.LAN]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [remove_krb5_info_files]
(0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.ECCM.LAN],
[2][Aucun fichier ou dossier de ce type]
(Tue May 1 12:35:44 2018) [sssd[be[ECCM.LAN]]] [remove_krb5_info_files]
(0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.ECCM.LAN],
[2][Aucun fichier ou dossier de ce type]
I am a bit confused with credentials cache which as far as I understood are
stored in /var/lib/sss/db/ but looking at the logfile, it seems that the
target of offline authentification is to find the kerberos ticket into
/var/tmp ( by the way those tickets are still present after reboot). If as
I understood the passwd is cached as a Hash key in the sss/db files, we
should be able to be authenticated even if we do not have the kerberos
ticket anymore isn't it ?
Actually, it seems that credentials cache cleaning erases the old_ccname if
I look at the following log line :
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x2000): No old ccache
(Tue May 1 12:35:44 2018) [[sssd[krb5_child[8942]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/var/tmp/krb5cc_1000_XXXXXX] old_ccname: [not set]
keytab: [/etc/krb5.keytab]
When the Offline authentication succeed, I observe the following
krb5_child.log :
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [main] (0x0400):
krb5_child started.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [unpack_buffer]
(0x1000): total buffer size: [160]
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1000] gid [1000] validate [true] enterprise
principal [false] offline [true] UPN [cedric(a)ECCM.LAN]
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/var/tmp/krb5cc_1000_XXXXXX] old_ccname:
[FILE:/var/tmp/krb5cc_1000_vbmc1v] keytab: [/etc/krb5.keytab]
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [check_use_fast]
(0x0100): Not using FAST.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [switch_creds]
(0x0200): Switch user to [1000][1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[FILE:/var/tmp/krb5cc_1000_vbmc1v] and is active and TGT is valid.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [become_user]
(0x0200): Trying to become user [1000][1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [main] (0x2000):
Running as [1000][1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [become_user]
(0x0200): Trying to become user [1000][1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [become_user]
(0x0200): Already user [1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [k5c_setup]
(0x2000): Running as [1000][1000].
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[set_lifetime_options] (0x0100): No specific renewable lifetime requested.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[set_lifetime_options] (0x0100): No specific lifetime requested.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [main] (0x0400):
Will perform offline auth
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[create_empty_ccache] (0x1000): Existing ccache still valid, reusing
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [k5c_send_data]
(0x0200): Received error code 0
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]]
[pack_response_packet] (0x2000): response packet size: [56]
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [k5c_send_data]
(0x4000): Response sent.
(Tue May 1 13:17:16 2018) [[sssd[krb5_child[10318]]]] [main] (0x0400):
krb5_child completed successfully
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [fo_resolve_service_send]
(0x0020): No available servers for service 'KERBEROS'
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_resolve_server_done]
(0x1000): Server resolution failed: [5]: Erreur d'entrée/sortie
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_mark_dom_offline]
(0x1000): Marking back end offline
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_mark_offline] (0x2000):
Going offline!
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_mark_offline] (0x2000):
Enable check_if_online_ptask.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_ptask_enable] (0x0400):
Task [Check if online (periodic)]: enabling task
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_ptask_schedule]
(0x0400): Task [Check if online (periodic)]: scheduling task 80 seconds
from now [1525174023]
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [be_run_offline_cb]
(0x0080): Going offline. Running callbacks.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [10471]
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [10471]
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [parse_krb5_child_response]
(0x1000): child response [0][3][44].
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [krb5_mod_ccname] (0x4000):
Save ccname [FILE:/var/tmp/krb5cc_1000_vbmc1v] for user [cedric(a)eccm.lan].
....
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [sysdb_set_entry_attr]
(0x0200): Entry [name=cedric(a)eccm.lan,cn=users,cn=ECCM.LAN,cn=sysdb] has
set [ts_cache] attrs.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]]
[check_failed_login_attempts] (0x4000): Failed login attempts [0], allowed
failed login attempts [0], failed login delay [5].
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [sysdb_cache_auth]
(0x0100): Hashes do match!
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [ldb] (0x4000): commit ldb
transaction (nesting: 0)
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]]
[add_user_to_delayed_online_authentication] (0x4000): Saved authtok of user
[cedric(a)eccm.lan] with serial [184462369].
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]]
[add_user_to_delayed_online_authentication] (0x4000): Added user
[cedric(a)eccm.lan] successfully to delayed online authentication.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [check_wait_queue]
(0x1000): Wait queue for user [cedric(a)eccm.lan] is empty.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [krb5_auth_queue_done]
(0x1000): krb5_auth_queue request [0x55ffb8dee140] done.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [authenticate_user_done]
(0x0020): Failed to authenticate user [cedric(a)eccm.lan].
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [child_sig_handler]
(0x1000): Waiting for child [10471].
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [child_sig_handler]
(0x0100): child [10471] finished successfully.
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [remove_krb5_info_files]
(0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.ECCM.LAN],
[2][Aucun fichier ou dossier de ce type]
(Tue May 1 13:25:43 2018) [sssd[be[ECCM.LAN]]] [remove_krb5_info_files]
(0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.ECCM.LAN],
[2][Aucun fichier ou dossier de ce type]
Thanks a lot for your help.
Regards
Cedric
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org