I keep reviewing logs and comparing behaviours. To check that I'm writing the right credentials, I tried to log in using the web console which worked properly. Trying the same using ssh, it is failing.
Comparing the logs in the sssd_staging.domain.com.log, I see, when using the web console: (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_search_user_next_base] (0x0400): [RID#3] Searching for users with base [cn=accounts,dc=staging,dc=domain,dc=com] (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_get_generic_ext_step] (0x0400): [RID#3] calling ldap_search_ext with [(&(ipaNTSecurityIdentifier=S-1-5-21-2724122324-262051234-121598765-1005)(objectclass=posixAccount)(uid=*)(ipaNTSecurityIdentifier=*))][cn=accounts,dc=staging,dc=domain,dc=com]. ... (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_parse_entry] (0x1000): [RID#3] OriginalDN: [uid=username4,cn=users,cn=accounts,dc=staging,dc=domain,dc=com]. (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_get_generic_op_finished] (0x0400): [RID#3] Search result: Success(0), no errmsg set (2024-11-06 10:09:58): [be[staging.domain.com]] [sdap_search_user_process] (0x0400): [RID#3] Search for users, returned 1 results. While when using ssh I see a different identifier: (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_search_user_next_base] (0x0400): [RID#4] Searching for users with base [cn=accounts,dc=staging,dc=domain,dc=com] (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_get_generic_ext_step] (0x0400): [RID#4] calling ldap_search_ext with [(&(ipaNTSecurityIdentifier=S-1-5-21-2724122324-262051234-121598765-515)(objectclass=posixAccount)(uid=*)(ipaNTSecurityIdentifier=*))][cn=accounts,dc=staging,dc=domain,dc=com]. ... (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_get_generic_op_finished] (0x0400): [RID#4] Search result: Success(0), no errmsg set (2024-11-06 10:15:48): [be[staging.domain.com]] [sdap_search_user_process] (0x0400): [RID#4] Search for users, returned 0 results. (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_search_object_attr] (0x0400): [RID#4] No such entry. (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_delete_by_sid] (0x0400): [RID#4] search by sid did not return any results. (2024-11-06 10:15:48): [be[staging.domain.com]] [sysdb_search_object_attr] (0x0400): [RID#4] No such entry. (2024-11-06 10:15:48): [be[staging.domain.com]] [get_object_from_cache] (0x0200): [RID#4] Object wasn't found in cache (2024-11-06 10:15:48): [be[staging.domain.com]] [ipa_id_get_account_info_orig_done] (0x0080): [RID#4] Object not found, ending request I don't know if it is relevant that the sid is different in both cases login in web console vs login in ssh. -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
