On Thu, Mar 17, 2016 at 02:29:33PM -0400, Cyril Scetbon wrote:
Hey Jakub,
So I think I've provided you all the log files I could. The last version (first a connection with the reachable ldap, and then without) can be found at: http://pastebin.com/B3JnMr65
The other logs are empty:
Because you didn't enable debugging in those respective sections, only in [domain]. We don't log anything except fatal failures by default.
# ls -lrt /var/log/sssd/
total 304
-rw------- 1 root root 0 Mar 17 19:16 sssd_pam.log
-rw------- 1 root root 0 Mar 17 19:16 sssd_nss.log
-rw------- 1 root root 0 Mar 17 19:16 sssd_autofs.log
-rw------- 1 root root 0 Mar 17 19:16 sssd.log
-rw------- 1 root root 0 Mar 17 19:16 ldap_child.log
-rw------- 1 root root 306912 Mar 17 19:17 sssd_default.log
However, I found other logs:
Mar 17 19:22:26 cscetbon-vdi mysqld: pam_sss(serverdb:auth): authentication success; logname= uid=64259 euid=64259 tty= ruser= rhost= user=myuser <==== ldap accessible
Mar 17 19:22:49 cscetbon-vdi mysqld: pam_sss(serverdb:auth): authentication success; logname= uid=64259 euid=64259 tty= ruser= rhost= user= myuser <== no ldap
Mar 17 19:22:54 cscetbon-vdi mysqld: nss_ldap: could not search LDAP server - Server is unavailable
Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: could not connect to any LDAP server as uid=pamldap,ou=Auth,dc=fti,dc=net - Can't contact LDAP server
Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: failed to bind to LDAP server ldaps://ldap.multis/: Can't contact LDAP server
Mar 17 19:22:55 cscetbon-vdi unix_chkpwd: nss_ldap: could not search LDAP server - Server is unavailable
Mar 17 19:22:55 cscetbon-vdi unix_chkpwd[3173]: could not obtain user info (myuser)
Mar 17 19:25:01 cscetbon-vdi CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 17 19:25:01 cscetbon-vdi CRON[3652]: pam_unix(cron:session): session closed for user root
I'm wondering if another pam file is not included even if I thought it's not because of this unix_chkpwd issue.
Yes, I would have also expected pam_sss to show up here because the domain log files you showed earlier included a PAM_* action, which must have been triggered by something.
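
The point about per-section debugging, as an added example that is not part of the original thread or of SSSD itself: a small Python check that reads an sssd.conf and reports which active sections have no `debug_level`, together with the log file each one writes. The sample configuration is constructed, and the log file naming is assumed from the directory listing in the message.

```python
import configparser

# Constructed sample (not the poster's real file): debug_level is set only
# in the domain section, as described in the reply above.
SAMPLE_CONF = """\
[sssd]
services = nss, pam, autofs
domains = default

[nss]

[pam]

[autofs]

[domain/default]
id_provider = ldap
debug_level = 9
"""


def log_file_for(section):
    """Log file a section writes to, following the names in the listing above."""
    if section == "sssd":
        return "sssd.log"  # the monitor process
    # [domain/NAME] -> sssd_NAME.log, responders such as [pam] -> sssd_pam.log
    return "sssd_%s.log" % section.split("/", 1)[-1]


def _names(cp, key):
    """Comma-separated list from the [sssd] section, whitespace stripped."""
    raw = cp.get("sssd", key, fallback="")
    return [n.strip() for n in raw.split(",") if n.strip()]


def silent_sections(conf_text):
    """Return {section: log file} for active sections with no debug_level."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    active = ["sssd"] + _names(cp, "services")
    active += ["domain/" + d for d in _names(cp, "domains")]
    return {
        s: log_file_for(s)
        for s in active
        if not cp.has_option(s, "debug_level")
    }


if __name__ == "__main__":
    for section, log in silent_sections(SAMPLE_CONF).items():
        print("[%s] has no debug_level; expect an empty %s" % (section, log))
```

Sections it reports are the ones to give a `debug_level` before reproducing the login, so that the responder logs can be read alongside the domain log.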