We are using Ubuntu 18.04 with sssd 1.16.1-1ubuntu1.8.
sssd is being used to allow users to sign in with SSH keys matched against keys stored in OpenLDAP. This has been used for several years but, just recently, a couple of users were reporting that they could not SSH to the server. Further investigation showed that running "sss_ssh_authorizedkeys" for these specific users returned "Error looking up public keys". The tool continues to work correctly for other users.
I cannot find any information that might suggest why the tool is not managing to get the keys for these users.
I have tried building the code from the GitHub source but it errors out with this:
In file included from ./src/util/sss_pam_data.h:33:0, from src/util/sss_pam_data.c:27: ./src/util/debug.h:92:44: error: unknown type name ‘uid_t’; did you mean ‘__id_t’? int chown_debug_file(const char *filename, uid_t uid, gid_t gid); ^~~~~ __id_t ./src/util/debug.h:92:55: error: unknown type name ‘gid_t’; did you mean ‘__id_t’? int chown_debug_file(const char *filename, uid_t uid, gid_t gid); ^~~~~ __id_t Makefile:22359: recipe for target 'src/util/libsss_util_la-sss_pam_data.lo' failed
Can anyone suggest how I can troubleshoot this tool in order to fix the error or how I can get it to build on Ubuntu?
Thanks.
Philip
I've since discovered that it isn't the "sss_ssh_authorizedkeys" tool itself. It looks like sssd is offline and so can only return cached values.
I'll start a new thread about that so as to make it clearer what I'm trying to get help with.
Phillip,
By no means do I pretend to be an expert on building sssd. I fully realize how there's dozens, probably a hundred of prereq pkgs that have to be installed. In order to have the proper build env for sssd. Even more if you wish to package up into RPMs.
I particularly don't pretend to be an expert in building on Ubuntu.
But I did run across this page. https://sssd.io/contrib/building-sssd.html, Go mid-way down and it has a 'Ubuntu' tab. See if that helps.
Spike
On Thu, Oct 7, 2021 at 2:47 AM Philip Colmer philip.colmer@linaro.org wrote:
We are using Ubuntu 18.04 with sssd 1.16.1-1ubuntu1.8.
sssd is being used to allow users to sign in with SSH keys matched against keys stored in OpenLDAP. This has been used for several years but, just recently, a couple of users were reporting that they could not SSH to the server. Further investigation showed that running "sss_ssh_authorizedkeys" for these specific users returned "Error looking up public keys". The tool continues to work correctly for other users.
I cannot find any information that might suggest why the tool is not managing to get the keys for these users.
I have tried building the code from the GitHub source but it errors out with this:
In file included from ./src/util/sss_pam_data.h:33:0, from src/util/sss_pam_data.c:27: ./src/util/debug.h:92:44: error: unknown type name ‘uid_t’; did you mean ‘__id_t’? int chown_debug_file(const char *filename, uid_t uid, gid_t gid); ^~~~~ __id_t ./src/util/debug.h:92:55: error: unknown type name ‘gid_t’; did you mean ‘__id_t’? int chown_debug_file(const char *filename, uid_t uid, gid_t gid); ^~~~~ __id_t Makefile:22359: recipe for target 'src/util/libsss_util_la-sss_pam_data.lo' failed
Can anyone suggest how I can troubleshoot this tool in order to fix the error or how I can get it to build on Ubuntu?
Thanks.
Philip _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
sssd-users@lists.fedorahosted.org