sssd user can't login and ssh to server
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
sssd (Ubuntu) | Fix Released | Undecided | Unassigned | |
Xenial | Fix Released | Undecided | Timo Aaltonen | |
Bug Description
Hello,
User can't login to machine or ssh to it using domain account. User is immediately kicked off from login or disconnected from ssh.
excerpt from auth.log
May 6 14:59:06 openmanage sshd[3967]: Connection closed by 10.10.254.254 port 51913 [preauth]
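May 6 14:59:17 openmanage sshd[3970]: pam_sss(sshd:account): Access denied for user xxx: 4 (System error)
May 6 14:59:17 openmanage sshd[3970]: fatal: Access denied for user xxx by PAM account configuration [preauth]
May 6 14:59:49 openmanage sshd[3976]: pam_sss(sshd:account): Access denied for user xxx: 4 (System error)
May 6 14:59:49 openmanage sshd[3976]: fatal: Access denied for user xxx by PAM account configuration [preauth]
cat gpo_child.log
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0400): Storing GPOs in /var/lib/sss/gpo_cache/MY_AD_DOMAIN
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0020): mkdir(/var/lib/sss/gpo_cache/ad.lib.cam.ac.uk) failed: 2
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [gpo_cache_store_file] (0x0020): prepare_gpo_cache failed [2][No such file or directory]
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [gpo_cache_store_file] (0x0020): Error encountered: 2.
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [copy_smb_file_to_gpo_cache] (0x0020): gpo_cache_store_file failed [2][No such file or directory]
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory]
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [main] (0x0020): perform_smb_operations failed.[2][No such file or directory].
workaround:
to fix it run:
mkdir -pv /var/lib/sss/gpo_cache/name_of_joined_domain
chown -R sssd. /var/lib/sss/gpo_cache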
systemctl restart sssd
cheers
Woj
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: sssd 1.13.4-1ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
Uname: Linux 4.4.0-21-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
Date: Fri May 6 15:08:26 2016
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: sssd
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in sssd (Ubuntu Xenial):
status: Incomplete → Triaged
On 05/06/2016 10:16 AM, Wojciech Giel wrote:
> Public bug reported:
>
> Hello,
>
> User can't login to machine or ssh to it using domain account. User is
> immediately kicked off from login or disconnected from ssh.
>
> excerpt from auth.log
> May 6 14:59:06 openmanage sshd[3967]: Connection closed by 10.10.254.254 port 51913 [preauth]
> May 6 14:59:17 openmanage sshd[3970]: pam_sss(sshd:account): Access denied for user xxx: 4 (System error)
> May 6 14:59:17 openmanage sshd[3970]: fatal: Access denied for user xxx by PAM account configuration [preauth]
> May 6 14:59:49 openmanage sshd[3976]: pam_sss(sshd:account): Access denied for user xxx: 4 (System error)
> May 6 14:59:49 openmanage sshd[3976]: fatal: Access denied for user xxx by PAM account configuration [preauth]
>
> cat gpo_child.log
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0400): Storing GPOs in /var/lib/sss/gpo_cache/MY_AD_DOMAIN
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0020): mkdir(/var/lib/sss/gpo_cache/ad.lib.cam.ac.uk) failed: 2
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [gpo_cache_store_file] (0x0020): prepare_gpo_cache failed [2][No such file or directory]
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [gpo_cache_store_file] (0x0020): Error encountered: 2.
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [copy_smb_file_to_gpo_cache] (0x0020): gpo_cache_store_file failed [2][No such file or directory]
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [perform_smb_operations] (0x0020): copy_smb_file_to_gpo_cache failed [2][No such file or directory]
> (Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [main] (0x0020): perform_smb_operations failed.[2][No such file or directory].
>
>
> workaround:
>
> to fix it run:
> mkdir -pv /var/lib/sss/gpo_cache/name_of_joined_domain
> chown -R sssd. /var/lib/sss/gpo_cache
> systemctl restart sssd
>
> cheers
> Woj
>
> ProblemType: Bug
> DistroRelease: Ubuntu 16.04
> Package: sssd 1.13.4-1ubuntu1
> ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
> Uname: Linux 4.4.0-21-generic x86_64
> ApportVersion: 2.20.1-0ubuntu2
> Architecture: amd64
> Date: Fri May 6 15:08:26 2016
> ProcEnviron:
> TERM=xterm
> PATH=(custom, no user)
> LANG=en_GB.UTF-8
> SHELL=/bin/bash
> SourcePackage: sssd
> UpgradeStatus: No upgrade log present (probably fresh install)
>
> ** Affects: sssd (Ubuntu)
> Importance: Undecided
> Status: New
>
>
> ** Tags: amd64 apport-bug xenial
>
The problem here is most likely that something like AppArmor is denying SSSD
permission to create the necessary directories.
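
Added example (not part of the original report and not SSSD's own code): a shell triage helper for the gpo_child.log failure quoted in this bug. It extracts each failed mkdir, labels the errno (2 is ENOENT, 13 is EACCES), and reports the highest missing directory on the path. The sample log lines, the domain example.test and both function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, modelled on the gpo_child.log lines quoted in this report.
SAMPLE_LOG='(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0400): Storing GPOs in /var/lib/sss/gpo_cache/example.test
(Fri May 6 15:05:25 2016) [[sssd[gpo_child[627]]]] [prepare_gpo_cache] (0x0020): mkdir(/var/lib/sss/gpo_cache/example.test) failed: 2
(Fri May 6 15:07:11 2016) [[sssd[gpo_child[702]]]] [prepare_gpo_cache] (0x0020): mkdir(/var/lib/sss/gpo_cache/example.test) failed: 13'

# Read gpo_child.log lines on stdin and print "path<TAB>errno<TAB>meaning"
# for every failed mkdir. The errno is read first so that a path containing
# spaces stays in one field.
classify_mkdir_failures() {
    sed -n 's/.*\[prepare_gpo_cache\].*mkdir(\([^)]*\)) failed: \([0-9][0-9]*\).*/\2 \1/p' |
    while read -r err path; do
        case "$err" in
            2)  why="ENOENT: a parent directory is missing" ;;
            13) why="EACCES: permissions or a MAC policy (for example AppArmor) refused the call" ;;
            *)  why="other errno" ;;
        esac
        printf '%s\t%s\t%s\n' "$path" "$err" "$why"
    done
}

# Print the highest missing directory on the way to path $2, looked up under
# root prefix $1 (pass "" to inspect the live filesystem). Prints an empty
# line when every component already exists.
first_missing_dir() {
    root=$1
    target=$2
    missing=
    while [ -n "$target" ] && [ "$target" != "/" ] && [ ! -d "$root$target" ]; do
        missing=$target
        target=$(dirname "$target")
    done
    printf '%s\n' "$missing"
}

# Stand-alone run: classify the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | classify_mkdir_failures
```

On an affected host, `classify_mkdir_failures < /var/log/sssd/gpo_child.log` followed by `first_missing_dir "" <path from the log>` shows which directory the workaround's `mkdir -p` has to create; the log location is the usual SSSD default and may differ on a given system.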