Carlos Lopez Molina via FreeIPA-users wrote: > I keep reviewing logs and comparing behaviours. To check that I'm writing the > right credentials, I tried to log in using the web console which worked > properly. Trying the same using ssh, it is failing. > > Comparing the logs in the sssd_staging.domain.com.log, I see, when using the > web console: > > (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_search_user_next_base] > (0x0400): [RID#3] Searching for users with base > [cn=accounts,dc=staging,dc=domain,dc=com] > (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_get_generic_ext_step] > (0x0400): [RID#3] calling ldap_search_ext with > [(&(ipaNTSecurityIdentifier=S-1-5-21-2724122324-262051234-121598765-1005)(objectclass=posixAccount)(uid=*)(ipaNTSecurityIdentifier=*))][cn=accounts,dc=staging,dc=domain,dc=com]. > ... > (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_parse_entry] (0x1000): > [RID#3] OriginalDN: > [uid=username4,cn=users,cn=accounts,dc=staging,dc=domain,dc=com]. > (2024-11-06 10:09:58): [be[staging.domain.com]] > [sdap_get_generic_op_finished] (0x0400): [RID#3] Search result: Success(0), > no errmsg set > (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_search_user_process] > (0x0400): [RID#3] Search for users, returned 1 results. > > While when using ssh I see a different identifier: > (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_search_user_next_base] > (0x0400): [RID#4] Searching for users with base > [cn=accounts,dc=staging,dc=domain,dc=com] > (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_get_generic_ext_step] > (0x0400): [RID#4] calling ldap_search_ext with > [(&(ipaNTSecurityIdentifier=S-1-5-21-2724122324-262051234-121598765-515)(objectclass=posixAccount)(uid=*)(ipaNTSecurityIdentifier=*))][cn=accounts,dc=staging,dc=domain,dc=com]. > ... > (2024-11-06 10:15:48): [be[staging.domain.com]] > [sdap_get_generic_op_finished] (0x0400): [RID#4] Search result: Success(0), > no errmsg set > (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_search_user_process] > (0x0400): [RID#4] Search for users, returned 0 results. > (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_search_object_attr] > (0x0400): [RID#4] No such entry. > (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_delete_by_sid] > (0x0400): [RID#4] search by sid did not return any results. > (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_search_object_attr] > (0x0400): [RID#4] No such entry. > (2024-11-06 10:15:48): [be[staging.domain.com]] [get_object_from_cache] > (0x0200): [RID#4] Object wasn't found in cache > (2024-11-06 10:15:48): [be[staging.domain.com]] > [ipa_id_get_account_info_orig_done] (0x0080): [RID#4] Object not found, > ending request > > I don't know if it is relevant that the sid is different in both cases login > in web console vs login in ssh. >
What we normally do in cases like this is ask that you try reproducing the issue on a VM. If it is not reproducible there then open an issue with the freeipa-container project at https://github.com/freeipa/freeipa-container/issues/ rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
