[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}
Brian J. Murrell
brian at interlinx.bc.ca
Wed Dec 21 18:22:47 UTC 2016
On Wed, 2016-12-21 at 17:50 +0100, Petr Spacek wrote:
> Okay, I believe that this is the problem:
>
> On 21.12.2016 15:53, Brian J. Murrell wrote:
> > [21/Dec/2016:09:39:12.003351818 -0500] conn=77028 fd=107 slot=107
> > connection from local to /var/run/slapd-EXAMPLE.COM.socket
>
> ...
> > [21/Dec/2016:09:39:12.064476101 -0500] conn=77028 op=0 BIND dn=""
> > method=sasl version=3 mech=GSSAPI
> > [21/Dec/2016:09:39:12.067486416 -0500] conn=77028 op=0 RESULT
> > err=49 tag=97 nentries=0 etime=0 - SASL(-1): generic failure:
> > GSSAPI Error: Unspecified GSS failure. Minor code may provide more
> > information (Permission denied)
> > [21/Dec/2016:09:39:12.192506861 -0500] conn=77028 op=1 UNBIND
> > [21/Dec/2016:09:39:12.192549740 -0500] conn=77028 op=1 fd=107
> > closed - U1
>
> I have no idea why it is returning Permission denied.
>
> Is it reproducible when you run this?
> $ kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab
> ipa-dnskeysyncd/server.example.com
> $ ldapsearch -Y GSSAPI -H /var/run/slapd-EXAMPLE.COM.socket
> ?
# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: ipa-dnskeysyncd/server.example.com at EXAMPLE.COM
Valid starting Expires Service principal
21/12/16 13:05:16 22/12/16 13:02:12 ldap/server.example.com at EXAMPLE.COM
21/12/16 13:02:12 22/12/16 13:02:12 krbtgt/EXAMPLE.COM at EXAMPLE.COM
# ldapsearch -Y GSSAPI -H ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE.COM.socket
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
>
> We need to find out why it is blowing up on GSSAPI negotiation.
>
> Wild guess is that /etc/dirsrv/ds.keytab could have wrong
> permissions. It
> should have
> -rw-------. 1 dirsrv dirsrv unconfined_u:object_r:dirsrv_config_t:s0
# ls -lZ /etc/dirsrv/ds.keytab
-rw-------. dirsrv dirsrv system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/ds.keytab
> If you manage to reproduce it, you can attach strace to the running
> dirsrv
By that I assume you mean the ns-slapd.
The strace (minus poll/select/futex noise) is attached.
>
process and see what call is failing (if it is a system call)...
Perhaps this one:
[pid 13449] open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
# ls -lZ /etc/krb5.keytab
-rw-------. root root system_u:object_r:krb5_keytab_t:s0 /etc/krb5.keytab
But looking into the backup of this system, even a week and a month
ago, that file had the same permissions/ownership. And changing it to
644 temporarily doesn't fix the "ldap_sasl_interactive_bind_s: Invalid
credentials (49)" from ldapsearch.
Cheers,
b.
-------------- next part --------------
8967 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
13414 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
13413 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
12933 restart_syscall(<... resuming interrupted call ...>) = 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 accept(8, {sa_family=AF_LOCAL, NULL}, [2]) = 65
12933 fcntl(65, F_GETFL) = 0x2 (flags O_RDWR)
12933 fcntl(65, F_SETFL, O_RDWR|O_NONBLOCK) = 0
12933 setsockopt(65, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
12933 getpeername(65, {sa_family=AF_LOCAL, NULL}, [2]) = 0
12933 getsockname(65, {sa_family=AF_LOCAL, sun_path="/var/run/slapd-EXAMPLE.COM.socket"}, [40]) = 0
12933 getsockopt(65, SOL_SOCKET, SO_PEERCRED, {pid=16254, uid=0, gid=0}, [12]) = 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
8967 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
13442 recvfrom(65, "0\202\2\316\2\1\1`\202\2\307\2\1\3\4\0\243\202\2\276\4\6GSSAPI\4\202\2\262"..., 512, 0, NULL, NULL) = 512
13442 recvfrom(65, "\237\23\203^\177$\376[\345\20\223t\3052\326\305\352\355i\277\207V\214\n\312M\210h=\2\233="..., 512, 0, NULL, NULL) = 210
13442 write(51, "\0", 1) = 1
13442 sendto(59, "<39>Dec 21 13:16:42 ns-slapd: GS"..., 51, MSG_NOSIGNAL, NULL, 0) = 51
13442 lstat("/etc/gss/mech", 0x7feac37ecd00) = -1 ENOENT (No such file or directory)
13442 openat(AT_FDCWD, "/etc/gss/mech.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 107
13442 getdents(107, /* 3 entries */, 32768) = 88
13442 getdents(107, /* 0 entries */, 32768) = 0
13442 close(107) = 0
13442 lstat("/etc/gss/mech.d/gssproxy.conf", {st_mode=S_IFREG|0644, st_size=189, ...}) = 0
13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755, st_size=110960, ...}) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "t\232a\376\355j\6:\264\20\322\252#\307\252\3\37\310x\3168!Vc\371\262M\3161\203\rK"..., 64) = 64
13442 close(107) = 0
13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107
13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000}, [12]) = 0
13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 404
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 504
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
13442 close(107) = 0
13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(60060), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39732), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(45163), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(50089), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.75.22.247")}, 16) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(57720), inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 close(107) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "\1\313~\27y\301\273\231\350+\364\t\305\312\261MY$\246\253x|S9u\255\364\244\265\343\23 "..., 64) = 64
13442 close(107) = 0
13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "y\331\247\350\335\273\366\257\245=\361\233\276#\304\357\6\2251\276\7\344\372\301\335\221\262\305\26f\301f"..., 64) = 64
13442 close(107) = 0
13442 stat("/usr/lib64/gssproxy/proxymech.so", {st_mode=S_IFREG|0755, st_size=110960, ...}) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "\333\310\fT\300-RA\243\305\30\332V<:\230\5\27\274\215>\262YV\345\324b\314#,\263F"..., 64) = 64
13442 close(107) = 0
13442 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 107
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=616, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "127.0.0.1 localhost localhost."..., 1024) = 616
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 socket(PF_NETLINK, SOCK_RAW, 0) = 107
13442 bind(107, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
13442 getsockname(107, {sa_family=AF_NETLINK, pid=12933, groups=00000000}, [12]) = 0
13442 sendto(107, "\24\0\0\0\26\0\1\3\n\307ZX\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"L\0\0\0\24\0\2\0\n\307ZX\2052\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 404
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"H\0\0\0\24\0\2\0\n\307ZX\2052\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 504
13442 recvmsg(107, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\n\307ZX\2052\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
13442 close(107) = 0
13442 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 107
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(44027), inet_pton(AF_INET6, "fd31:aeb1:48df:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(39984), inet_pton(AF_INET6, "[ipv6_prefix1]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix2]:0:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37062), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(37446), inet_pton(AF_INET6, "[ipv6_prefix3]:214:d1ff:fe13:45ac", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 connect(107, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
13442 connect(107, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.75.22.247")}, 16) = 0
13442 getsockname(107, {sa_family=AF_INET6, sin6_port=htons(48649), inet_pton(AF_INET6, "::ffff:10.75.22.247", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
13442 close(107) = 0
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "\334\337\2\5^\334\343{\306\235\30\2551\240\320\337\10\264\361S\3740\257\370;\330\17`\332\10C("..., 64) = 64
13442 close(107) = 0
13442 open("/etc/krb5.keytab", O_RDONLY) = -1 EACCES (Permission denied)
13442 stat("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 open("/etc/krb5.conf", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cba000
13442 read(107, "includedir /var/lib/sss/pubconf/"..., 1024) = 780
13442 openat(AT_FDCWD, "/var/lib/sss/pubconf/krb5.include.d/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 108
13442 getdents(108, /* 5 entries */, 32768) = 176
13442 open("/var/lib/sss/pubconf/krb5.include.d//krb5_libdefaults", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[libdefaults]\n canonicalize = tr"..., 4096) = 35
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//localauth_plugin", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[plugins]\n localauth = {\n modul"..., 4096) = 98
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 open("/var/lib/sss/pubconf/krb5.include.d//domain_realm_example_com", O_RDONLY) = 111
13442 fstat(111, {st_mode=S_IFREG|0644, st_size=15, ...}) = 0
13442 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feaf3cb9000
13442 read(111, "[domain_realm]\n", 4096) = 15
13442 read(111, "", 4096) = 0
13442 close(111) = 0
13442 munmap(0x7feaf3cb9000, 4096) = 0
13442 getdents(108, /* 0 entries */, 32768) = 0
13442 close(108) = 0
13442 read(107, "", 1024) = 0
13442 close(107) = 0
13442 munmap(0x7feaf3cba000, 4096) = 0
13442 open("/dev/urandom", O_RDONLY) = 107
13442 fcntl(107, F_SETFD, FD_CLOEXEC) = 0
13442 fstat(107, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13442 read(107, "\244\243\211(\301\227\26x\262X\26<\2\201b\377p33\232q\302\351$\301\347\213\247n\17w\177"..., 64) = 64
13442 close(107) = 0
13442 sendto(65, "0\f\2\1\1a\7\n\0011\4\0\4\0", 14, 0, NULL, 0 <unfinished ...>
12933 read(50, <unfinished ...>
13442 <... sendto resumed> ) = 14
12933 <... read resumed> "\0", 200) = 1
13442 write(51, "\0", 1 <unfinished ...>
12933 getpeername(7, <unfinished ...>
13442 <... write resumed> ) = 1
12933 <... getpeername resumed> 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 read(50, "\0", 200) = 1
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
13450 recvfrom(65, "0\5\2\1\2B\0", 512, 0, NULL, NULL) = 7
13450 write(51, "\0", 1) = 1
12933 read(50, "\0", 200) = 1
12933 close(65) = 0
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
13414 <... restart_syscall resumed> ) = -1 ETIMEDOUT (Connection timed out)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
12933 getpeername(7, 0x7ffc9bff1450, [112]) = -1 ENOTCONN (Transport endpoint is not connected)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161221/f70fe593/attachment.sig>
More information about the Freeipa-users
mailing list