On Sat, Aug 19, 2017 at 5:01 AM, Lukas Slebodnik <lslebodn@redhat.com> wrote:
On (19/08/17 10:57), Lukas Slebodnik wrote:
I think it would be better to start from scratch:
You did tell me that I was not hitting that RH bug. Sorry.
Please answer the following question: Is your local password the same as the kerberos password?
Yes
And much simpler would be to test without gdm.
I switched tty; instead of logging on through gdm I logged on at the console, with the same result.
Please open one console as *root* and run the following command:
sh# journalctl -f > my_journal_output.log

Open another console as *ordinary user* and run the following commands just
with your user:
sh$ date
Sat Aug 19 10:41:36 CEST 2017
sh$ kdestroy -A
# use kerberos password for test_user
sh$ su - test_user
Password:
sh$ klist
Ticket cache: FILE:/tmp/ccache_gjwisq
Default principal: test_user@EXAMPLE.COM

Valid starting       Expires              Service principal
08/19/2017 10:42:17  08/19/2017 20:42:17  krbtgt/EXAMPLE.COM@EXAMPLE.COM
sh$ date
Sat Aug 19 10:42:21 CEST 2017
Then jump to the 1st terminal and stop command (ctrl-c).
- run following command
sh# ps aux | grep ss[s]
root 29712 0.0 0.0 277304  9672 ? Ss Aug18 0:00 /usr/sbin/sssd -i -f
root 29715 0.0 0.0 296268 13240 ? S  Aug18 0:00 /usr/libexec/sssd/sssd_be --domain files.example --uid 0 --gid 0 --debug-to-files
root 29717 0.0 0.2 282388 33156 ? S  Aug18 0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
root 29718 0.0 0.0 262040  8624 ? S  Aug18 0:00 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
And then attach sssd.conf, my_journal_output.log and sssd log files.
BTW here is the most important part of my_journal_output.log on my system.
Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user
Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user
I do not see this in my log. I still believe sssd is not getting my login
info. It's going straight to pam and local user.
Jakub made it look oh so easy. https://www.youtube.com/watch?v=qEsBVckPpk4
Thank you for helping me these weeks. This should not be that hard.
LS
#cat /etc/sssd/sssd.conf
[sssd]
domains = files
services = nss, pam

[pam]
debug_level = 9

[domain/files]
id_provider = files
auth_provider = krb5
debug_level = 9
krb5_server = panther.montclaire.local
krb5_realm = MONTCLAIRE.LOCAL
krb5_store_password_if_offline = True
cache_credentials = True
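
The comparison discussed in this thread (does a pam_sss line appear next to the pam_unix line for the same su process in my_journal_output.log?) can be scripted. This is an added example, not part of the original mail: the function names are hypothetical, and the third sample line is constructed to show a login where pam_sss never logs anything.

```python
import re
from collections import defaultdict

# PAM auth result line, in the shape of the journal excerpt quoted in the mail.
PAM_LINE = re.compile(
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"(?P<module>pam_\w+)\((?P<service>[^:)]+):auth\): "
    r"authentication (?P<result>success|failure);.*\buser=(?P<user>\S*)"
)

def pam_auth_attempts(lines):
    """Group PAM auth results by (program, pid, user), keeping module order."""
    attempts = defaultdict(list)
    for line in lines:
        m = PAM_LINE.search(line)
        if m:
            key = (m["prog"], int(m["pid"]), m["user"])
            attempts[key].append((m["module"], m["result"]))
    return dict(attempts)

def classify(results):
    """Report whether pam_sss logged an auth result for one login attempt."""
    modules = dict(results)
    if "pam_sss" not in modules:
        return "pam_sss not consulted"
    return "authenticated by sssd" if modules["pam_sss"] == "success" else "rejected by sssd"

# Sample input: the first two lines are the excerpt from the mail; the third
# is constructed (pid 32610 is made up) and has no matching pam_sss line.
SAMPLE = [
    "Aug 19 10:59:19 host.example.com su[32502]: pam_unix(su-l:auth): authentication failure; "
    "logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user",
    "Aug 19 10:59:20 host.example.com su[32502]: pam_sss(su-l:auth): authentication success; "
    "logname=test_user uid=1000 euid=0 tty=pts/18 ruser=test_user rhost= user=test_user",
    "Aug 19 11:05:02 host.example.com su[32610]: pam_unix(su-l:auth): authentication failure; "
    "logname=test_user uid=1000 euid=0 tty=pts/19 ruser=test_user rhost= user=test_user",
]

if __name__ == "__main__":
    for key, results in pam_auth_attempts(SAMPLE).items():
        print(key, results, "->", classify(results))
```

To use it on a real capture, pass the lines of my_journal_output.log to `pam_auth_attempts` instead of `SAMPLE`.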