[Freeipa-users] SUDO with HostGroup and UserGroup not working

Yogesh Sharma yks0000 at gmail.com
Mon Mar 23 12:56:21 UTC 2015


Thanks Jakub.

All the issues seem to be resolved now, except that getent is not able to
resolve on the IPA server; however, it is working fine on the others.

Below are the logs where it says it is not able to connect to the Data Provider.

(Mon Mar 23 18:12:25 2015) [sssd[nss]] [server_setup] (0x0400): CONFDB:
/var/lib/sss/db/config.ldb
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [confdb_get_domain_internal]
(0x0400): No enumeration for [stg.initd.com]!
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sbus_init_connection] (0x0200):
Adding connection B96E29C0
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [monitor_common_send_id] (0x0100):
Sending ID: (nss,1)
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_names_init] (0x0100): Using re
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sbus_init_connection] (0x0200):
Adding connection B96E3FB8
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [dp_common_send_id] (0x0100):
Sending ID to DP: (1,NSS)
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sysdb_domain_init_internal]
(0x0200): DB File for stg.initd.com: /var/lib/sss/db/cache_stg.initd.com.ldb
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [ldb] (0x0400): asq: Unable to
register control with rootdse!
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_process_init] (0x0400):
Responder Initialization complete
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'root' matched without domain, user is root
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400):
Adding [NCE/USER/stg.initd.com/root] to negative cache permanently
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'root' matched without domain, user is root
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400):
Adding [NCE/GROUP/stg.initd.com/root] to negative cache permanently
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found
shell /bin/sh in /etc/shells
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found
shell /bin/bash in /etc/shells
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [nss_get_etc_shells] (0x0400): Found
shell /sbin/nologin in /etc/shells
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [responder_set_fd_limit] (0x0100):
Maximum file descriptors set to [8192]
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [nss_process_init] (0x0400): NSS
Initialization complete
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [id_callback] (0x0100): Got id ack
and version (1) from Monitor
(Mon Mar 23 18:12:25 2015) [sssd[nss]] [dp_id_callback] (0x0100): Got id
ack and version (1) from DP
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'stg.initd.com' matched without domain, user is stg.initd.com
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [setnetgrent_send] (0x0100):
Requesting info for netgroup [stg.initd.com] from [<ALL>]
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [lookup_netgr_step] (0x0100):
Requesting info for [stg.initd.com at stg.initd.com]
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [lookup_netgr_step] (0x0040): No
results for netgroup stg.initd.com (domain stg.initd.com)
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400):
Issuing request for [0xb77624d0:4:stg.initd.com at stg.initd.com]
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
Creating request for [stg.initd.com][4100][1][name=stg.initd.com]
(Mon Mar 23 18:12:32 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400):
Entering request [0xb77624d0:4:stg.initd.com at stg.initd.com]
*(Mon Mar 23 18:12:33 2015) [sssd[nss]] [lookup_netgr_dp_callback]
(0x0040): Unable to get information from Data Provider*
*Error: 3, 17, Netgroup lookup failed*
*Will try to return what we have in cache*
(Mon Mar 23 18:12:33 2015) [sssd[nss]] [lookup_netgr_step] (0x0100):
Requesting info for [stg.initd.com at stg.initd.com]
(Mon Mar 23 18:12:33 2015) [sssd[nss]] [lookup_netgr_step] (0x0040): No
results for netgroup stg.initd.com (domain stg.initd.com)
(Mon Mar 23 18:12:33 2015) [sssd[nss]] [lookup_netgr_step] (0x0080): No
matching domain found for [stg.initd.com], fail!
(Mon Mar 23 18:12:33 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0xb77624d0:4:stg.initd.com at stg.initd.com]
(Mon Mar 23 18:12:33 2015) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!


Below is SSSD.conf: (Text in bold resolved the cache issue; I have kept it low
for testing purposes :) )

[domain/stg.initd.com]

*enumerate = False*
*cache_credentials = True*
*entry_cache_timeout = 120*
*entry_cache_netgroup_timeout = 60*

krb5_store_password_if_offline = True
ipa_domain = stg.initd.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mipa.stg.initd.com
chpass_provider = ipa
ipa_server = mipa.stg.initd.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = stg.initd.com
[nss]
debug_level = 6

[pam]

[sudo]

[autofs]

[ssh]

[pac]




*Best Regards,*

*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in>*

RHCE, VCE-CIA, RackSpace Cloud U


On Mon, Mar 23, 2015 at 4:30 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Mon, Mar 23, 2015 at 04:27:14PM +0530, Yogesh Sharma wrote:
> > I just deleted the netgroup, even though getent is resolving.
> >
> > [root at mipa ~]# getent netgroup stg.initd.com
> > stg.initd.com      (cipa.stg.initd.com,-,stg.initd.com)
> > [root at mipa ~]# ipa netgroup-show stg.initd.com
> > ipa: ERROR: stg.initd.com: netgroup not found
> >
> > Sent  IPA Server Logs to you individually.
>
> You only sent the sssd section, that's not useful. Please read:
>     https://fedorahosted.org/sssd/wiki/Troubleshooting
>
> There is a section about generating SSSD logs. Also anything that
> applies to resolving users applies to resolving netgroups as well.
>