Bug 736314
Summary: | sssd crashes during auth while there exists multiple external hosts along with managed host. | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> | |
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.2 | CC: | benl, grajaiya, jgalipea, jhrozek, kbanerje, nsoman, prc | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | sssd-1.5.1-50.el6 | Doc Type: | Bug Fix | |
Doc Text: |
Do not document
|
Story Points: | --- | |
Clone Of: | ||||
: | 748870 (view as bug list) | Environment: | ||
Last Closed: | 2011-12-06 16:39:51 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 743047, 748870 |
Description
Gowrishankar Rajaiyan
2011-09-07 11:28:00 UTC
At times I also see the following message in the sssd domain logs: (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (8): Added host [bumblebee.lab.eng.pnq.redhat.com] to rule [rule2] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (7): Processing source hosts for rule [rule2] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_host_attrs_to_rule] (4): No host specified, rule will never apply. (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_shost_attrs_to_rule] (8): Added external source host [ironhide.lab.eng.pnq.redhat.com] to rule [rule2] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_attrs_to_rule] (1): Could not parse source hosts for rule [rule2] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [hbac_ctx_to_rules] (1): Could not construct rules (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [ipa_hbac_evaluate_rules] (1): Could not construct HBAC rules (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_id_op_destroy] (9): releasing operation connection (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sending result [4][lab.eng.pnq.redhat.com] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [be_pam_handler_callback] (4): Sent result [4][lab.eng.pnq.redhat.com] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: sh[0x22a4710], connected[1], ops[(nil)], ldap[0x22a51f0] (Wed Sep 7 07:35:47 2011) [sssd[be[lab.eng.pnq.redhat.com]]] [sdap_process_result] (8): Trace: ldap_result found nothing! This is reproduced more often if you have the following rule on your server: # ipa hbacrule-show rule2 --all --raw dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com cn: rule2 ipaenabledflag: TRUE externalhost: ironhide.lab.eng.pnq.redhat.com memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com accessruletype: allow ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectclass: ipaassociation objectclass: ipahbacrule [root@bumblebee ~]# gdb --core=core.9425.1 /usr/libexec/sssd/sssd_be --quiet -ex "thread apply all bt full" -ex "quit" Reading symbols from /usr/libexec/sssd/sssd_be...Reading symbols from /usr/lib/debug/usr/libexec/sssd/sssd_be.debug...done. done. [New Thread 9425] Missing separate debuginfo for Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/49/0fbc77e52e600698826003dad684bbb09d149d Reading symbols from /lib64/libpam.so.0.82.2...Reading symbols from /usr/lib/debug/lib64/libpam.so.0.82.2.debug...done. done. Loaded symbols for /lib64/libpam.so.0.82.2 Reading symbols from /usr/lib64/libtevent.so.0.9.8...Reading symbols from /usr/lib/debug/usr/lib64/libtevent.so.0.9.8.debug...done. done. Loaded symbols for /usr/lib64/libtevent.so.0.9.8 Reading symbols from /usr/lib64/libtalloc.so.2.0.1...Reading symbols from /usr/lib/debug/usr/lib64/libtalloc.so.2.0.1.debug...done. done. Loaded symbols for /usr/lib64/libtalloc.so.2.0.1 Reading symbols from /lib64/libpopt.so.0.0.0...Reading symbols from /usr/lib/debug/lib64/libpopt.so.0.0.0.debug...done. done. Loaded symbols for /lib64/libpopt.so.0.0.0 Reading symbols from /usr/lib64/libldb.so.0.9.10...Reading symbols from /usr/lib/debug/usr/lib64/libldb.so.0.9.10.debug...done. done. Loaded symbols for /usr/lib64/libldb.so.0.9.10 Reading symbols from /lib64/libdbus-1.so.3.4.0...Reading symbols from /usr/lib/debug/lib64/libdbus-1.so.3.4.0.debug...done. done. Loaded symbols for /lib64/libdbus-1.so.3.4.0 Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/librt.so.1 Reading symbols from /lib64/libpcre.so.0.0.1...Reading symbols from /usr/lib/debug/lib64/libpcre.so.0.0.1.debug...done. done. Loaded symbols for /lib64/libpcre.so.0.0.1 Reading symbols from /usr/lib64/libini_config.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libini_config.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libini_config.so.2.0.0 Reading symbols from /usr/lib64/libcollection.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcollection.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcollection.so.2.0.0 Reading symbols from /usr/lib64/libdhash.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libdhash.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libdhash.so.1.0.0 Reading symbols from /lib64/liblber-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/liblber-2.4.so.2.5.6.debug...done. done. Loaded symbols for /lib64/liblber-2.4.so.2.5.6 Reading symbols from /lib64/libldap-2.4.so.2.5.6...Reading symbols from /usr/lib/debug/lib64/libldap-2.4.so.2.5.6.debug...done. done. Loaded symbols for /lib64/libldap-2.4.so.2.5.6 Reading symbols from /usr/lib64/libtdb.so.1.2.1...Reading symbols from /usr/lib/debug/usr/lib64/libtdb.so.1.2.1.debug...done. done. Loaded symbols for /usr/lib64/libtdb.so.1.2.1 Reading symbols from /usr/lib64/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib64/libssl3.so.debug...done. done. Loaded symbols for /usr/lib64/libssl3.so Reading symbols from /usr/lib64/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsmime3.so.debug...done. done. Loaded symbols for /usr/lib64/libsmime3.so Reading symbols from /usr/lib64/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnss3.so.debug...done. done. Loaded symbols for /usr/lib64/libnss3.so Reading symbols from /usr/lib64/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib64/libnssutil3.so.debug...done. done. Loaded symbols for /usr/lib64/libnssutil3.so Reading symbols from /lib64/libplds4.so...Reading symbols from /usr/lib/debug/lib64/libplds4.so.debug...done. done. Loaded symbols for /lib64/libplds4.so Reading symbols from /lib64/libplc4.so...Reading symbols from /usr/lib/debug/lib64/libplc4.so.debug...done. done. Loaded symbols for /lib64/libplc4.so Reading symbols from /lib64/libnspr4.so...Reading symbols from /usr/lib/debug/lib64/libnspr4.so.debug...done. done. Loaded symbols for /lib64/libnspr4.so Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /usr/lib64/libcares.so.2.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcares.so.2.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcares.so.2.0.0 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/libaudit.so.1.0.0...Reading symbols from /usr/lib/debug/lib64/libaudit.so.1.0.0.debug...done. done. Loaded symbols for /lib64/libaudit.so.1.0.0 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib64/libpath_utils.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libpath_utils.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libpath_utils.so.1.0.0 Reading symbols from /usr/lib64/libref_array.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libref_array.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libref_array.so.1.0.0 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /usr/lib64/libsasl2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/libsasl2.so.2.0.23 Reading symbols from /lib64/libz.so.1.2.3...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done. done. Loaded symbols for /lib64/libz.so.1.2.3 Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done. done. Loaded symbols for /lib64/libfreebl3.so Reading symbols from /usr/lib64/ldb/memberof.so...Reading symbols from /usr/lib/debug/usr/lib64/ldb/memberof.so.debug...done. done. Loaded symbols for /usr/lib64/ldb/memberof.so Reading symbols from /usr/lib64/sssd/libsss_ipa.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/sssd/libsss_ipa.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/sssd/libsss_ipa.so.1.0.0 Reading symbols from /lib64/libkeyutils.so.1.3...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done. done. Loaded symbols for /lib64/libkeyutils.so.1.3 Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /lib64/libkrb5.so.3 Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /lib64/libk5crypto.so.3 Reading symbols from /lib64/libcom_err.so.2.1...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done. done. Loaded symbols for /lib64/libcom_err.so.2.1 Reading symbols from /usr/lib64/libipa_hbac.so.0.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libipa_hbac.so.0.0.0.debug...done. done. Loaded symbols for /usr/lib64/libipa_hbac.so.0.0.0 Reading symbols from /usr/lib64/libunistring.so.0.1.2...Reading symbols from /usr/lib/debug/usr/lib64/libunistring.so.0.1.2.debug...done. done. Loaded symbols for /usr/lib64/libunistring.so.0.1.2 Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libkrb5support.so.0 Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done. done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_files.so.2 Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_dns.so.2 Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done. done. Loaded symbols for /lib64/libnss_sss.so.2 Reading symbols from /usr/lib64/sasl2/libgssapiv2.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libgssapiv2.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libgssapiv2.so.2.0.23 Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/sasl2/libplain.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libplain.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libplain.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libcrammd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libcrammd5.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libcrammd5.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libsasldb.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libsasldb.so.2.0.23 Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done. done. Loaded symbols for /lib64/libdb-4.7.so Reading symbols from /usr/lib64/sasl2/libanonymous.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libanonymous.so.2.0.23 Reading symbols from /usr/lib64/sasl2/libdigestmd5.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libdigestmd5.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/libdigestmd5.so.2.0.23 Reading symbols from /usr/lib64/libcrypto.so.1.0.0...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done. done. Loaded symbols for /usr/lib64/libcrypto.so.1.0.0 Reading symbols from /usr/lib64/sasl2/liblogin.so.2.0.23...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/liblogin.so.2.0.23.debug...done. done. Loaded symbols for /usr/lib64/sasl2/liblogin.so.2.0.23 Reading symbols from /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so...Reading symbols from /usr/lib/debug/usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so.debug...done. done. Loaded symbols for /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so Reading symbols from /usr/lib64/libsoftokn3.so...Reading symbols from /usr/lib/debug/usr/lib64/libsoftokn3.so.debug...done. done. Loaded symbols for /usr/lib64/libsoftokn3.so Reading symbols from /usr/lib64/libsqlite3.so.0.8.6...Reading symbols from /usr/lib/debug/usr/lib64/libsqlite3.so.0.8.6.debug...done. done. Loaded symbols for /usr/lib64/libsqlite3.so.0.8.6 Core was generated by `/usr/libexec/sssd/sssd_be -d 10 --domain lab.eng.pnq.redhat.com'. Program terminated with signal 11, Segmentation fault. #0 0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6 Thread 1 (Thread 0x7f4afd54e700 (LWP 9425)): #0 0x000000316f07fa81 in __strlen_sse2 () from /lib64/libc.so.6 No symbol table info available. #1 0x0000003170804ef4 in talloc_strdup (t=0x131e690, p=0x62376261 <Address 0x62376261 out of bounds>) at talloc.c:1581 No locals. #2 0x00007f4af71c5c87 in hbac_shost_attrs_to_rule (mem_ctx=0x131fac0, sysdb=<value optimized out>, domain=<value optimized out>, rule_name=0x134e770 "rule2", rule_attrs=<value optimized out>, source_hosts=0x131fae8) at src/providers/ipa/ipa_hbac_hosts.c:504 ret = <value optimized out> host_count = 1 tmp_ctx = 0x134ed50 idx = 2 el = 0x134e200 shosts = 0x13115a0 __FUNCTION__ = "hbac_shost_attrs_to_rule" #3 0x00007f4af71cb1d4 in hbac_attrs_to_rule (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0) at src/providers/ipa/ipa_hbac_common.c:460 ret = <value optimized out> rule_type = 0x1346200 "allow" new_rule = 0x131fac0 el = 0x134e1e0 #4 hbac_ctx_to_rules (mem_ctx=0x1350800, hbac_ctx=0x1350800, rules=0x7fffccbea0f8, request=0x7fffccbea0f0) at src/providers/ipa/ipa_hbac_common.c:347 ret = <value optimized out> new_rules = 0x131ec40 new_request = <value optimized out> i = <value optimized out> tmp_ctx = 0x1311710 __FUNCTION__ = "hbac_ctx_to_rules" #5 0x00007f4af71c04e8 in ipa_hbac_evaluate_rules (hbac_ctx=0x1350800) at src/providers/ipa/ipa_access.c:566 ret = <value optimized out> hbac_rules = <value optimized out> eval_req = <value optimized out> result = <value optimized out> info = <value optimized out> __FUNCTION__ = "ipa_hbac_evaluate_rules" #6 0x00007f4af71c267c in hbac_sysdb_save (req=0x0) at src/providers/ipa/ipa_access.c:534 ret = <value optimized out> in_transaction = true hbac_ctx = 0x1350800 domain = <value optimized out> sysdb = <value optimized out> base_dn = <value optimized out> be_ctx = <value optimized out> access_ctx = 0x130b550 Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.38.el6.x86_64 krb5-libs-1.9-20.el6.x86_64 ---Type <return> to continue, or q <return> to quit--- tmp_ctx = <value optimized out> __FUNCTION__ = "hbac_sysdb_save" #7 0x00007f4af71c7487 in ipa_hbac_rule_info_done (subreq=<value optimized out>) at src/providers/ipa/ipa_hbac_rules.c:213 ret = 0 req = 0x131b9d0 state = 0x134a010 __FUNCTION__ = "ipa_hbac_rule_info_done" #8 0x00007f4af71dd406 in sdap_get_generic_done (op=<value optimized out>, reply=<value optimized out>, error=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:1024 req = 0x131d860 state = 0x1329590 attrs = <value optimized out> errmsg = 0x0 result = 0 ret = <value optimized out> lret = 0 total_count = 0 cookie = {bv_len = 0, bv_val = 0x132f010 "P\205\064\001"} returned_controls = 0x1347d40 page_control = <value optimized out> __FUNCTION__ = "sdap_get_generic_done" #9 0x00007f4af71defb5 in sdap_process_message (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:307 msgtype = <value optimized out> ret = 0 reply = 0x131fac0 op = 0x1311310 msgid = 13 #10 sdap_process_result (ev=<value optimized out>, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:207 sh = <value optimized out> no_timeout = {tv_sec = 0, tv_usec = 0} te = <value optimized out> msg = 0x132e8f0 ret = <value optimized out> __FUNCTION__ = "sdap_process_result" #11 0x0000003173c034e5 in tevent_common_loop_timer_delay (ev=0x12e24a0) at tevent_timed.c:254 current_time = {tv_sec = 0, tv_usec = 0} te = 0x131f930 #12 0x0000003173c0531b in std_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at tevent_standard.c:537 std_ev = 0x12e2560 tval = {tv_sec = 0, tv_usec = 0} #13 0x0000003173c026d0 in _tevent_loop_once (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:490 ret = <value optimized out> nesting_stack_ptr = 0x0 #14 0x0000003173c0273b in tevent_common_loop_wait (ev=0x12e24a0, location=0x4421d5 "src/util/server.c:526") at tevent.c:591 ret = <value optimized out> #15 0x00000000004341b1 in server_loop (main_ctx=0x12e3610) at src/util/server.c:526 No locals. ---Type <return> to continue, or q <return> to quit--- #16 0x000000000040ed0b in main (argc=5, argv=<value optimized out>) at src/providers/data_provider_be.c:1333 opt = <value optimized out> pc = <value optimized out> be_domain = 0x12e1460 "lab.eng.pnq.redhat.com" srv_name = <value optimized out> conf_entry = <value optimized out> main_ctx = 0x12e3610 ret = 0 long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x648800, val = 0, descrip = 0x4391d2 "Help options:", argDescrip = 0x0}, { longName = 0x4391e0 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x6488e0, val = 0, descrip = 0x4391b1 "Debug level", argDescrip = 0x0}, { longName = 0x4391ec "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x6488e4, val = 0, descrip = 0x439e48 "Send the debug output to files instead of stderr", argDescrip = 0x0}, {longName = 0x4391fb "debug-timestamps", shortName = 0 '\000', argInfo = 2, arg = 0x6487c0, val = 0, descrip = 0x4391bd "Add debug timestamps", argDescrip = 0x0}, { longName = 0x43a7c0 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fffccbea608, val = 0, descrip = 0x439e80 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main" Upstream ticket: https://fedorahosted.org/sssd/ticket/990 [root@bumblebee ~]# ipa hbacrule-show rule2 --all --raw dn: ipauniqueid=bcc94bbe-d91d-11e0-aafb-525400deab7b,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com cn: rule2 ipaenabledflag: TRUE externalhost: external.lab.eng.pnq.redhat.com externalhost: ironhide.lab.eng.pnq.redhat.com sourcehost: fqdn=mudflap.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com memberhost: fqdn=bumblebee.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com memberuser: uid=shanks,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com accessruletype: allow ipauniqueid: bcc94bbe-d91d-11e0-aafb-525400deab7b memberservice: cn=vsftpd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com memberservice: cn=sshd,cn=hbacservices,cn=hbac,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com objectclass: ipaassociation objectclass: ipahbacrule /var/log/secure: Sep 7 23:47:24 bumblebee sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com user=shanks Sep 7 23:47:25 bumblebee sshd[13345]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=ironhide.lab.eng.pnq.redhat.com user=shanks Sep 7 23:47:26 bumblebee sshd[13345]: Accepted password for shanks from 10.65.201.65 port 45251 ssh2 Sep 7 23:47:26 bumblebee sshd[13345]: pam_unix(sshd:session): session opened for user shanks by (uid=0) - authentication successful as expected. - no crash detected. # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 50.el6 Build Date: Wed 07 Sep 2011 04:17:16 PM EDT Install Date: Thu 08 Sep 2011 12:26:38 AM EDT Build Host: x86-002.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-50.el6.src.rpm Size : 3550272 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Do not document Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html |