Dear all,
appologies if that has already been discussed. I am currently on travel overseas and only have a small tablet here, so my options are limited.
Suddenly, our Linux Mint clients refrain from logging in users and throw a system error. I increased the log level and the relevant lines seem to be:
(Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [hbac_eval_user_element] (0x0040): Parse error on [ cn=System: Manage Host Principals+nsuniqueid=53120f31-41e811e7-b96dfa31-96759478,cn=permissions,cn=pbac,dc=pleiades,dc=uni-wuppertal,dc=de]: Malformed cache entry (Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [hbac_ctx_to_rules] (0x0020): Could not construct e val request (Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [ipa_hbac_evaluate_rules] (0x0020): Could not const ruct HBAC rules (Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [be_pam_handler_callback] (0x0100): Backend returne d: (3, 4, <NULL>) [Internal Error (System error)]
I tried to delete the local cache, but that had no effect. Restarting the IPA server in question also did not help.
Thanks for any hint.
Best regards
Torsten
Torsten Harenberg via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Suddenly, our Linux Mint clients refrain from logging in users and throw a system error. I increased the log level and the relevant lines seem to be:
(Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [hbac_eval_user_element] (0x0040): Parse error on [ cn=System: Manage Host Principals+nsuniqueid=53120f31-41e811e7-b96dfa31-96759478,cn=permissions,cn=pbac,dc=pleiades,dc=uni-wuppertal,dc=de]: Malformed cache entry
This looks like an entry created by a replication conflict. Do you use replicas? Then I'd check for replication conflicts: http://directory.fedoraproject.org/docs/389ds/design/managing-repl-conflict-...
Jochen
On 10 Sep 2017, at 06:18, Jochen Hein via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Torsten Harenberg via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Suddenly, our Linux Mint clients refrain from logging in users and throw a system error. I increased the log level and the relevant lines seem to be:
(Sun Sep 10 03:19:09 2017) [sssd[be[pleiades.uni-wuppertal.de]]] [hbac_eval_user_element] (0x0040): Parse error on [ cn=System: Manage Host Principals+nsuniqueid=53120f31-41e811e7-b96dfa31-96759478,cn=permissions,cn=pbac,dc=pleiades,dc=uni-wuppertal,dc=de]: Malformed cache entry
This looks like an entry created by a replication conflict. Do you use replicas? Then I'd check for replication conflicts: http://directory.fedoraproject.org/docs/389ds/design/managing-repl-conflict-...
Correct.
This should also not happen with a recent sssd version (where the replication conflicts would be just skipped, at worst you’d be denied access..)
Jochen
-- This space is intentionally left blank. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Jakub Hrozek -
Jochen Hein -
Torsten Harenberg