Re: strange behaviour of sssd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Le 24/06/2010 12:58, Stephen Gallagher a écrit :
> On 06/23/2010 01:32 PM, Eric Doutreleau wrote:
>>
>>
>> Le 23/06/2010 18:28, Michael Cronenworth a écrit :
>>> Rick Stevens wrote:
>>>> 	passwd:     files ldap
>>>> 	shadow:     files ldap
>>>> 	group:      files ldap
>>>
>>> That would be wrong for sssd. If he used system-config-authentication,
>>> his nsswitch.conf should read:
>>>
>>>      	passwd:     files sss
>>>      	shadow:     files sss
>>>      	group:      files sss
>>
>> indeed I have this
>> then getent passwd work under root work
>> under root
>> id doutrele work
>> but as soon as i connect as a regular user i can't check the id
>>
>> id doutrele
>> no such user
>
> If this works with root but not with a regular user, I'd bet you that
> you're actually experiencing an SELinux denial here. Check your
> /var/log/audit.log
>
>

hi
i have selinux disabled on that machine
in my audit.log file i can read

type=USER_ACCT msg=audit(1277380060.174:289): user pid=28949 uid=0 
auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="doutrele" 
exe="/usr/sbin/sshd" hostname=157.159.21.133 addr=157.159.21.133 
terminal=ssh res=success'
type=CRED_ACQ msg=audit(1277380060.200:290): user pid=28949 uid=0 
auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="doutrele" 
exe="/usr/sbin/sshd" hostname=157.159.21.133 addr=157.159.21.133 
terminal=ssh res=success'
type=LOGIN msg=audit(1277380060.201:291): login pid=28949 uid=0 old 
auid=4294967295 new auid=14517 old ses=4294967295 new ses=46
type=USER_START msg=audit(1277380060.226:292): user pid=28949 uid=0 
auid=14517 ses=46 msg='op=PAM:session_open acct="doutrele" 
exe="/usr/sbin/sshd" hostname=157.159.21.133 addr=157.159.21.133 
terminal=ssh res=success'
type=CRED_ACQ msg=audit(1277380060.232:293): user pid=28966 uid=0 
auid=14517 ses=46 msg='op=PAM:setcred acct="doutrele" 
exe="/usr/sbin/sshd" hostname=157.159.21.133 addr=157.159.21.133 
terminal=ssh res=success'
type=USER_LOGIN msg=audit(1277380060.258:294): user pid=28949 uid=0 
auid=14517 ses=46 msg='op=login id=14517 exe="/usr/sbin/sshd" 
hostname=157.159.21.133 addr=157.159.21.133 terminal=/dev/pts/1 res=success'
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux