[Pkg-sssd-devel] Bug#888207: sssd authentication errors for local users

goehle at gmail.com goehle at gmail.com
Tue Jan 23 22:20:30 UTC 2018 

Package: sssd
Version: 1.16.0-3
Severity: normal

   * What led up to the situation?

This machine is running debian testing (with sssd 1.16.0-3 installed).
It has a mix of local users and users who log in through sssd.  In the
past the two were compatible.  If local users could log in with their
local password, sss users could log in with their ad password, and if
someone happened to have both accounts they could log in with either
password and would be given their local uid.

Now when users with local accounts authenticate a "System error"
is reported in auth.log.  E.G.

Jan 23 17:05:48 ###### su[22022]: pam_sss(su:auth): received for user
######: 4 (System error)

For users with both sss and local accounts this prevents them from using
their ad passwords.  Local users can still successfully use their local
passwords.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I have tried reordering various things in nssswitch.conf and the pam
stack, as well as numerious sssd options.

   * What was the outcome of this action?

Nothing I did with pam, nsswitch or the sssd conf files had any affect.
The only clue in the log files is in sssd_pam where there are lines
like:

(Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_dp_process_reply] (0x0010):
Reply error.
(Tue Jan 23 17:02:44 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [4]: System error.

There are no entries in krb5_child.log, sssd.log, or the domain logs which
correspond to these login attempts.

   * What outcome did you expect instead?

Previously the system would successfully attempt to validate the
credentials for local users, either returning unknown user or checking
the password for local users with ad accounts.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sssd depends on:
ii  python3-sss  1.16.0-3
ii  sssd-ad      1.16.0-3
ii  sssd-common  1.16.0-3
ii  sssd-ipa     1.16.0-3
ii  sssd-krb5    1.16.0-3
ii  sssd-ldap    1.16.0-3
ii  sssd-proxy   1.16.0-3

sssd recommends no packages.

sssd suggests no packages.

-- debconf-show failed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-sssd-devel/attachments/20180123/f5c9e907/attachment.html>

More information about the Pkg-sssd-devel mailing list