[Freeipa-users] Issue IPA: AD Users and IPA Users when using SSS/LDAP with SUDO

Sumit Bose sbose at redhat.com
Thu Apr 25 11:36:17 UTC 2013


On Thu, Apr 25, 2013 at 12:38:18PM +0200, Pavel Březina wrote:
> On 04/24/2013 07:20 PM, Aly Khimji wrote:
> >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
> >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.
> >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [ipa_selinux_handler] (0x0040): Cannot create op context

This issue is already known,
https://bugzilla.redhat.com/show_bug.cgi?id=954342 and
https://fedorahosted.org/sssd/ticket/1892 .

I will send a fix for this to sssd-devel soon.

bye,
Sumit

> >(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
> 
> Hi,
> this looks like a selinux problem to me. What happens when you set
> selinux to permissive?
> 
> Also does this problem occur only with sudo, or other services are
> affected too (id, authentication, ssh)?
> 
> Can you please perform following commands? It will remove cache and
> logs so do it in a safe non-production environment.
> 
> As root:
> # service sssd stop
> # rm -f /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/*
> # service sssd start
> 
> As normal user:
> $ su ad-user@trusted-domain
> $ sudo -l
> $ exit
> 
> And send us the sanitized logs (all of them).
> 
> Thank you.

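A small triage aid for logs like the ones quoted in this thread, added here as an example (it is not code from SSSD or from the posters): it parses the SSSD debug-line format shown above and reports a failed PAM backend result that was preceded by SELinux-handler errors in the same backend. The function name `correlate` and the field names in its result are illustrative assumptions.

```python
import re

# SSSD debug line as quoted in the thread:
# (timestamp) [process] [function] (level): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
PAM_RE = re.compile(r"Backend returned: \((\d+), (\d+), [^)]*\) \[(.*)\]$")
SELINUX_FUNCS = {"sss_selinux_extract_user", "ipa_selinux_handler"}

# Sample input: the four log lines quoted in the thread, in time order.
P = "(Wed Apr 24 13:07:35 2013) [sssd[be[nix.corpnonprd.xxxx.com]]] "
SAMPLE = [
    P + "[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]",
    P + "[sss_selinux_extract_user] (0x0040): sysdb_search_user_by_name failed.",
    P + "[ipa_selinux_handler] (0x0040): Cannot create op context",
    P + "[be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) "
        "[Internal Error (System error)]",
]

def correlate(lines):
    """Return PAM failures preceded by SELinux-handler errors in the same backend."""
    pending, findings = {}, []
    for raw in lines:
        m = LINE_RE.match(raw.lstrip("> ").strip())  # tolerate mail quoting
        if not m:
            continue
        proc, func, msg = m["proc"], m["func"], m["msg"]
        if func in SELINUX_FUNCS:
            pending.setdefault(proc, []).append(func)
        elif func == "be_pam_handler_callback":
            r = PAM_RE.search(msg)
            if r and int(r[1]) != 0 and pending.get(proc):
                findings.append({"time": m["ts"], "backend": proc,
                                 "status": (int(r[1]), int(r[2])),
                                 "text": r[3], "preceded_by": pending[proc]})
            pending[proc] = []  # each PAM result closes the window
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```
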