[Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
Sumit Bose
sbose at redhat.com
Tue Jan 17 10:38:12 UTC 2017
On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
> It seems something got corrupted in my ipa setup. I found this in the
> sssd log file on Wheezy:
>
> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
Looks like there was a replication conflict, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
how to resolve it.
We already have a ticket for SSSD to ignore those object, but
unfortunately there is currently no patch available for SSSD so you have
to resolve the replication conflict to get it working again.
HTH
bye,
Sumit
> (Tue Jan 17 10:19:02 2017) [hbac_ctx_to_rules] (0x0020): Could not construct eval request
> (Tue Jan 17 10:19:02 2017) [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sending result [4][example.de]
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sent result [4][example.de]
>
> This happens on a login via ssh, or if I run "su - username" as
> root. The su session gives just a warning, but for sshd I have to
> disable pam to allow remote logins.
>
> Complete log is attached, of course.
>
>
> Every helpful comment is highly appreciated.
> Harri
More information about the Freeipa-users
mailing list