I am getting a System Error message when I try to su to a user. I am using Ubuntu 18.04 and version 1.16.1-1ubuntu1.3.
Jul 29 11:55:17 su[8658]: pam_sss(su:auth): authentication success; logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=**** rhost= user=*****
Jul 29 11:55:17 su[8658]: pam_sss(su:account): Access denied for user *****: 4 (System error)
Jul 29 11:55:17 su[8658]: pam_acct_mgmt: System error
Jul 29 11:55:17 su[8658]: FAILED su for ***** by *****
On (29/07/19 12:10), Sherman Lilly wrote:
> I am getting a System Error message when I try to su to a user. I am using Ubuntu 18.04 and version 1.16.1-1ubuntu1.3.
> Jul 29 11:55:17 su[8658]: pam_sss(su:auth): authentication success; logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=**** rhost= user=*****
> Jul 29 11:55:17 su[8658]: pam_sss(su:account): Access denied for user *****: 4 (System error)
> Jul 29 11:55:17 su[8658]: pam_acct_mgmt: System error
> Jul 29 11:55:17 su[8658]: FAILED su for ***** by *****
The pam error code 4 (System error) usually means an unhandled "exception" in sssd. There should be more context in the sssd log files.
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting...
LS
I went through the doc earlier. I can change the access_provider to permit and it works, but when set to "ad" I get a system error. I can run "id" and "getent" and everything works fine. In the sssd_pam.log I get this "[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]" when I try to "su". I have turned debug all the way up and sssd.log is showing all successes. The domain sssd log has quite a few errors. Most are probably not relevant. The one it looks to have died on is
[netlogon_get_domain_info] (0x0080): No netlogon site name data available.
[ad_master_domain_netlogon_done] (0x0400): Found flat name [domain].
[ad_master_domain_netlogon_done] (0x0400): Found site [(null)].
[ad_master_domain_netlogon_done] (0x0400): Found forest [domain.org].
[ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain info
[ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such file or directory)
[sdap_id_op_destroy] (0x4000): releasing operation connection
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
I remember something in the log but couldn't find it again; it said something about the home folder not able to be created, but it was created when I ran with "permitted".
On Mon, Jul 29, 2019 at 12:18 PM Lukas Slebodnik lslebodn@redhat.com wrote:
> On (29/07/19 12:10), Sherman Lilly wrote:
>> I am getting a System Error message when I try to su to a user. I am using Ubuntu 18.04 and version 1.16.1-1ubuntu1.3.
>> Jul 29 11:55:17 su[8658]: pam_sss(su:auth): authentication success; logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=**** rhost= user=*****
>> Jul 29 11:55:17 su[8658]: pam_sss(su:account): Access denied for user *****: 4 (System error)
>> Jul 29 11:55:17 su[8658]: pam_acct_mgmt: System error
>> Jul 29 11:55:17 su[8658]: FAILED su for ***** by *****
> The pam error code 4 (System error) usually means an unhandled "exception" in sssd. There should be more context in the sssd log files.
> https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
> https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting...
> LS
On (29/07/19 15:23), Sherman Lilly wrote:
> I went through the doc earlier. I can change the access_provider to permit and it works, but when set to "ad" I get a system error. I can run "id" and "getent" and everything works fine. In the sssd_pam.log I get this "[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]" when I try to "su". I have turned debug all the way up and sssd.log is showing all successes. The domain sssd log has quite a few errors. Most are probably not relevant. The one it looks to have died on is
> [netlogon_get_domain_info] (0x0080): No netlogon site name data available.
> [ad_master_domain_netlogon_done] (0x0400): Found flat name [domain].
> [ad_master_domain_netlogon_done] (0x0400): Found site [(null)].
> [ad_master_domain_netlogon_done] (0x0400): Found forest [domain.org].
> [ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain info
> [ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such file or directory)
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> [ad_gpo_access_done] (0x0040): GPO-based access control failed.
> I remember something in the log but couldn't find it again; it said something about the home folder not able to be created, but it was created when I ran with "permitted".
It looks like you hit a bug which was fixed in upstream 1.16.2 https://pagure.io/SSSD/sssd/issue/3680
LS
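
A way to pick the relevant failures out of a noisy SSSD debug log, as discussed in the thread (an added example, not code from the thread participants or the SSSD project). It filters on the failure bits of the `debug_level` mask; the log lines are the ones quoted above, and the names `parse` and `failures` are hypothetical.

```python
import re

# Failure-class bits of the SSSD debug_level bitmask (sssd.conf(5));
# a lower value is a more severe message.
FAILURE_LEVELS = {0x0010: "fatal", 0x0020: "critical",
                  0x0040: "serious", 0x0080: "minor"}

# Matches "[function_name] (0xNNNN): message", with or without the
# timestamp and "[sssd[...]]" process tag that precede it in a real log.
LINE_RE = re.compile(
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)")

# Lines quoted in the thread: one from sssd_pam.log, the rest from the
# domain log (timestamps were already stripped by the poster).
SAMPLE_LOG = """\
[sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
[netlogon_get_domain_info] (0x0080): No netlogon site name data available.
[ad_master_domain_netlogon_done] (0x0400): Found flat name [domain].
[ad_master_domain_netlogon_done] (0x0400): Found site [(null)].
[ad_master_domain_netlogon_done] (0x0400): Found forest [domain.org].
[ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain info
[ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such file or directory)
[sdap_id_op_destroy] (0x4000): releasing operation connection
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
"""


def parse(log_text):
    """Yield (level, func, msg) for each line that is an SSSD debug message."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield int(m["level"], 16), m["func"], m["msg"].strip()


def failures(log_text, worst=0x0080):
    """Return failure messages no less severe than `worst`, most severe first.

    The sort is stable, so messages of equal severity keep log order.
    """
    hits = [rec for rec in parse(log_text)
            if rec[0] in FAILURE_LEVELS and rec[0] <= worst]
    hits.sort(key=lambda rec: rec[0])
    return [(FAILURE_LEVELS[level], func, msg) for level, func, msg in hits]


if __name__ == "__main__":
    for name, func, msg in failures(SAMPLE_LOG, worst=0x0040):
        print(f"{name:8} {func}: {msg}")
```

With `worst=0x0040` the trace-level netlogon and connection lines drop out, leaving the offline error from the PAM responder followed by the three `ad_gpo_*` failures that end in the access denial.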