[Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04

Andy Brittingham abrittingham at monetra.com
Fri Jan 6 16:48:07 UTC 2017


Sorry for the delay, was doing some troubleshooting.

Here is what I know now:

The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu 
14.04).

SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.

Users in the admin group can't log into these hosts.

I created a newadmins group and assigned a new user to it. When I add 
the "User Administrator" role the new user can't log into the hosts with 
older sssd.

As soon as I delete the "User Administrator" role, new user has access 
again.

I've pasted the last bit of logs from a sssd_domain log below. I'd be 
happy to forward the entire log, or additional logs if they will be helpful.


Andy


(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginExpirationTime]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginAllowedTimeMap]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 29
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[0x1b59ab0], 
ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no 
errmsg set
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [groups_by_user_done] 
(0x0040): Failed to canonicalize name, using [rob].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sysdb_search_user_by_name] (0x0400): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): Search groups with filter: (&(objectclass=group)(ghost=rob))
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[(nil)], ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: ldap_result found nothing!
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [be_get_account_info] 
(0x0100): Got request for [4099][1][name=monetra]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [be_req_set_domain] 
(0x0400): Changing request domain from [monetra.com] to [monetra.com]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse 
domain SID from [(null)]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse 
domain SID from [(null)]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_initgr_next_base] (0x0400): Searching for users with base 
[cn=accounts,dc=monetra,dc=com]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(uid=monetra)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=monetra,dc=com].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[ipaNTSecurityIdentifier]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[krbPasswordExpiration]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginExpirationTime]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginAllowedTimeMap]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 30
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[0x1b5a870], 
ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no 
errmsg set
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [groups_by_user_done] 
(0x0040): Failed to canonicalize name, using [monetra].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sysdb_search_user_by_name] (0x0400): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): Search groups with filter: (&(objectclass=group)(ghost=monetra))
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[(nil)], ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: ldap_result found nothing!
(Fri Jan  6 10:00:20 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:30 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:40 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

^ these last lines continue until (Fri Jan  6 10:04:40 2017).


On 01/06/2017 09:33 AM, Jakub Hrozek wrote:
> On Fri, Jan 06, 2017 at 09:01:12AM -0500, Andy Brittingham wrote:
>> Hi,
>>
>> I upgraded my Freeipa servers to 4.4.0-14 on CentOS 7 yesterday. None of my
>> Ubuntu clients with versions < 16.04 (sssd version 1.13.4) can authenticate
>> against the upgraded servers. It appears the problem is the version of sssd
>> that is installed in the earlier Ubuntu versions. Is this a known issue and
>> does anyone know of a workaround for this? The sssd package in the PPA repo
>> for 14.04 ( 1.12.5-1~trusty) didn't fix the issue.
> What do the sssd logs say?
>

-- 
Andy Brittingham
Main Street Softworks
(800)650-9787
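
Added example (not part of the original message and not SSSD project code): a small Python triage script for a domain log in the format pasted above. It rejoins the mail-wrapped entries and keeps only those logged at SSSD's failure levels (0x0010 to 0x0080); the sample input is constructed from lines in the message, and the function names are this example's own.

```python
import re

# Constructed sample: four entries in the hard-wrapped form seen in the message.
SAMPLE = """\
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]]
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no
errmsg set
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [groups_by_user_done]
(0x0040): Failed to canonicalize name, using [rob].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]]
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
domain SID from [(null)]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
"""

# A new entry always begins with "(Www Mmm dd hh:mm:ss yyyy) [sssd[".
ENTRY_START = re.compile(r"^\(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}\) \[sssd\[")
ENTRY = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\[\S+\])\] "
    r"\[(?P<func>\w+)\] \(0x(?P<level>[0-9a-fA-F]{4})\): (?P<msg>.*)$"
)
# Failure bits of the SSSD debug_level bitmask (sssd.conf man page).
FAILURE_LEVELS = {0x0010: "fatal", 0x0020: "critical",
                  0x0040: "serious", 0x0080: "minor"}

def unwrap(text):
    """Join continuation lines onto the entry that precedes them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def failures(text):
    """Return (timestamp, function, severity, message) for failure-level entries."""
    hits = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m and int(m["level"], 16) in FAILURE_LEVELS:
            hits.append((m["ts"], m["func"],
                         FAILURE_LEVELS[int(m["level"], 16)], m["msg"]))
    return hits

if __name__ == "__main__":
    for ts, func, severity, msg in failures(SAMPLE):
        print(f"{ts}  {severity:8s} {func}: {msg}")
```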



