[Freeipa-users] EXTERNAL: Re: Usernames not being seen on IPA Master

Joseph, Matthew (EXP) matthew.joseph at lmco.com
Thu Apr 16 13:42:52 UTC 2015


Hey Jakub,

Getent passwd returns all of the IPA users when searching either the username or UID.
Yes, I know that permissions are defined by UID/GID; for this test I used a new UID that has not previously been used for this new account.

Good to know, I disabled the nscd service.

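Here is the strace output for chown on a directory. In it, the lookup of wpooh through the SSSD NSS pipe succeeds and returns UID 2600; the call that fails is fchownat() itself, which returns EINVAL (the GID argument 4294967295 is -1, meaning "leave the group unchanged").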

execve("/bin/chown", ["chown", "wpooh", "/home/wpooh"], [/* 32 vars */]) = 0
brk(0)                                  = 0x1095000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b698000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\341\0044\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1918016, ...}) = 0
mmap(0x3404e00000, 3741864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3404e00000
mprotect(0x3404f89000, 2093056, PROT_NONE) = 0
mmap(0x3405188000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x3405188000
mmap(0x340518d000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x340518d000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b674000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b673000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b672000
arch_prctl(ARCH_SET_FS, 0x7f5f4b673700) = 0
mprotect(0x3405188000, 16384, PROT_READ) = 0
mprotect(0x340481f000, 4096, PROT_READ) = 0
munmap(0x7f5f4b675000, 142486)          = 0
brk(0)                                  = 0x1095000
brk(0x10b6000)                          = 0x10b6000
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f457e1000
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1734, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1734
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f5f4b697000, 4096)            = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
close(3)                                = 0
open("/lib64/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f455d3000
mprotect(0x7f5f455df000, 2097152, PROT_NONE) = 0
mmap(0x7f5f457df000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f5f457df000
close(3)                                = 0
mprotect(0x7f5f457df000, 4096, PROT_READ) = 0
munmap(0x7f5f4b675000, 142486)          = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
fstat(3, {st_mode=S_IFREG|0644, st_size=3404, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3404
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f5f4b697000, 4096)            = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
close(3)                                = 0
open("/lib64/libnss_ldap.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\25\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=44328, ...}) = 0
mmap(NULL, 2139496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f453c8000
mprotect(0x7f5f453d3000, 2093056, PROT_NONE) = 0
mmap(0x7f5f455d2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f5f455d2000
close(3)                                = 0
munmap(0x7f5f4b675000, 142486)          = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=142486, ...}) = 0
mmap(NULL, 142486, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5f4b675000
close(3)                                = 0
open("/lib64/libnss_sss.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \22\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=23792, ...}) = 0
mmap(NULL, 2119312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5f451c2000
mprotect(0x7f5f451c8000, 2093056, PROT_NONE) = 0
mmap(0x7f5f453c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f5f453c7000
close(3)                                = 0
munmap(0x7f5f4b675000, 142486)          = 0
getpid()                                = 20913
fstat(-1, 0x7fff2d84dca0)               = -1 EBADF (Bad file descriptor)
socket(PF_FILE, SOCK_STREAM, 0)         = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
connect(3, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
write(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
write(3, "\1\0\0\0", 4)                 = 4
poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\0\0", 4)                  = 4
poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
write(3, "\26\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
write(3, "wpooh\0", 6)                  = 6
poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "J\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=3, events=POLLIN}], 1, 300000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\0\0\0\0\0\0(\n\0\0\320\7\0\0wpooh\0*\0Winnie P"..., 58) = 58
newfstatat(AT_FDCWD, "/home/wpooh", {st_mode=S_IFDIR|S_ISUID|S_ISGID|0700, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
fchownat(AT_FDCWD, "/home/wpooh", 2600, 4294967295, 0) = -1 EINVAL (Invalid argument)
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5f4b697000
read(4, "# Locale name alias data base.\n#"..., 4096) = 2512
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x7f5f4b697000, 4096)            = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=435, ...}) = 0
mmap(NULL, 435, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f5f4b697000
close(4)                                = 0
write(2, "chown: ", 7)                  = 7
write(2, "changing ownership of `/home/wpo"..., 35) = 35
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Invalid argument", 18)      = 18
write(2, "\n", 1)                       = 1
close(1)                                = 0
close(2)                                = 0
close(3)                                = 0
exit_group(1)                           = ?

Thanks,

Matt


-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jakub Hrozek
Sent: Thursday, April 16, 2015 10:25 AM
To: freeipa-users at redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Usernames not being seen on IPA Master

On Thu, Apr 16, 2015 at 01:13:56PM +0000, Joseph, Matthew (EXP) wrote:
> Hello,
> 
> I'm running into an issue where a new user account created on the master server is not being seen for changing file permissions and such.

Is the new user visible on the master itself via the standard system
interfaces (getent passwd $newuser, id $newuser)?

> I can login using the newly created user account but when I try to change permissions on a file/directory it comes up with the following error;
> Chown: changing ownership of 'username' : Invalid argument

Can you strace the chown invocation so that we're sure what part really
fails?

> 
> Now if I go to my replica IPA server it works fine.
> 
> I deleted the user and created it again with the same username, gave the account a different UID and when I tried to permission the directory again it states the same error as above.

Please note that file ownership is defined by IDs, not usernames, so if
you recreate a user with different ID, you need to chown all his
previously used files.

> I changed the permissions on the replica server and went back to the master and looked at the permissions of the directory and it's showing the old UID. I can login as the new user and the permissions are fine, the user can create and modify files in that directory.
> 
> When I run ipa user-find --all --raw username it brings up all of the correct information that I entered for the account.
> I searched for the old UID that was used with this account before but it doesn't seem to exist in IPA.
> 
> I've tried restarting the IPA service and remounting the directory that contains the required folders but with no luck.
> I cleared the SSSD and the NSCD cache.

Using nscd along with SSSD is discouraged. We recommend disabling nscd,
at least for the maps that SSSD caches.

SSSD provides its own fast in-memory cache, so you won't lose
performance.
> 
> Does IPA have another cache that needs to be cleared or anything like that?
> 
> 
> Thanks,
> 
> Matt

