On 3 April 2018 at 20:15, Jakub Hrozek jhrozek@redhat.com wrote:
On 3 Apr 2018, at 02:24, Lachlan Musicman datakid@gmail.com wrote:
On 3 April 2018 at 08:23, Lachlan Musicman datakid@gmail.com wrote:
On 29 March 2018 at 20:23, Valentin Fischer valentin@servergeek.at wrote:
Permission issue.
Reinstall sssd-common https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/message/IMP4NFXOW6RPKB2GIU4WXKLY54CTJG6A/ fails with the same errors as reported initially. So running manually in interactive mode works, but starting via systemctl doesn’t.
One difference I can think of between running the daemon in the foreground versus running as a service is SELinux context. Did you check if maybe there are some AVC denials if you run sssd as a service?
I'll check the denials - I'm not fully up to speed on AVC denials and selinux, but some googling suggested this command
# ausearch -m avc -c sssd
<no matches>
Here's the sssd config
[domain/unixdev.mycompany.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = unixdev.mycompany.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = vmts-linuxclient1.unixdev.mycompany.com
chpass_provider = ipa
ipa_server = _srv_, vmdv-linuxidm1.unixdev.mycompany.com
ldap_tls_cacert = /etc/ipa/ca.crt
selinux_provider = none
krb5_auth_timeout = 15
debug_level = 7

[domain/unixdev.mycompany.com/mycompany.com]
use_fully_qualified_names = False

[sssd]
config_file_version = 2
services = nss, sudo, pam, ssh
domains = unixdev.mycompany.com
debug_level = 7
domain_resolution_order = unix.mycompany.com,mycompany.com
full_name_format = %1$s

[nss]
homedir_substring = /home
memcache_timeout = 800
debug_level = 7
enum_cache_timeout = 240
entry_cache_nowait_percentage = 75

[pam]
pam_id_timeout = 15
debug_level = 7

[ssh]
debug_level = 7
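
An added example, not part of the original thread: a shell function that summarises AVC denials for any SSSD process (the monitor `sssd` and children such as `sssd_be`) or for the `sssd_t` domain, which is the check suggested above for the service-versus-foreground difference. The function names and the audit lines are constructed for illustration; on a real host the input would come from `ausearch -m avc --raw` or `/var/log/audit/audit.log`.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1522742400.101:501): avc:  denied  { read } for  pid=2101 comm="sssd_be" name="ca.crt" dev="dm-0" ino=7001 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1522742405.220:509): avc:  denied  { read } for  pid=2133 comm="sssd_be" name="ca.crt" dev="dm-0" ino=7001 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1522742410.330:515): avc:  denied  { read open } for  pid=2090 comm="sssd" name="sssd.conf" dev="dm-0" ino=7002 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1522742411.000:516): avc:  denied  { name_connect } for  pid=3000 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1522742400.101:501): arch=c000003e syscall=2 success=no exit=-13 pid=2101 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be"
EOF
}

# Read raw audit records on stdin; print "count comm perms tclass tcontext"
# for each distinct denial whose process name starts with "sssd" or whose
# source domain is sssd_t.
sssd_avc_summary() {
    awk '
    /^type=AVC / && / denied / {
        comm = ""; scon = ""; tcon = ""; tclass = ""; perm = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/) { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) scon = substr($i, 10)
            if ($i ~ /^tcontext=/) tcon = substr($i, 10)
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            if ($i == "{") {
                # Collect every permission listed between the braces.
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            }
        }
        if (comm ~ /^sssd/ || scon ~ /:sssd_t:/)
            count[comm " " perm " " tclass " " tcon]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

sample_audit_log | sssd_avc_summary
```

A target context such as `admin_home_t` or `user_home_t` on a file under `/etc` usually means the file was moved or copied from a home directory and kept its old label.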