Learn more about these different git repos.
Other Git URLs
Passing a bad password to an IPA provider (which expects preauthentication) returns a "Preauthentication failed" error. This is the trigger for the IPA provider to attempt password migration (this needs to change, but that's a separate bug).
The password migration code has a segfault in it, because the breq->be_ctx->bet_info[BET_AUTH].pvt_bet_data contains a krb5_ctx not a sdap_auth_ctx
I strongly recommend that we disable the password migration path for SSSD 1.0, as the IPA server does not yet support it in any case.
Backtrace:
#0 0x00007f1637d222ed in auth_send (memctx=0x23ee0d0, ev=0x23c75b0, ctx=0x24052b0, username=0x23eef88 "user2", password=...) at ../../server/providers/ldap/ldap_auth.c:467 req = 0x2401230 subreq = 0x7fff75207ce0 state = 0x24088c0 #1 0x00007f1637d23aae in sdap_pam_auth_handler (breq=0x23ee0d0) at ../../server/providers/ldap/ldap_auth.c:876 state = 0x23ef310 ctx = 0x24052b0 subreq = 0x3421604916 pd = 0x23ef050 dp_err = 3 __FUNCTION__ = "sdap_pam_auth_handler" #2 0x00007f1637d09f64 in ipa_auth_handler_send (memctx=0x24002e0, ev=0x23c75b0, be_req=0x23ee0d0, auth_handler=0x7f1637d2389a <sdap_pam_auth_handler>) at ../../server/providers/ipa/ipa_auth.c:97 state = 0x23ef170 req = 0x23ef5d0 __FUNCTION__ = "ipa_auth_handler_send" #3 0x00007f1637d0a8a5 in ipa_auth_handler_done (req=0x0) at ../../server/providers/ipa/ipa_auth.c:232 ipa_auth_ctx = 0x24002e0 pd = 0x23ef050 be_req = 0x23ee0d0 ret = 0 __FUNCTION__ = "ipa_auth_handler_done" #4 0x00007f1637d0a0ea in ipa_auth_handler_callback (be_req=0x23ee0d0, dp_err_type=0, errnum=17, errstr=0x0) at ../../server/providers/ipa/ipa_auth.c:118 req = 0x23ef5d0 state = 0x23ef170 __FUNCTION__ = "ipa_auth_handler_callback" #5 0x00007f1637d44356 in krb_reply (req=0x23ee0d0, dp_err=0, result=17) at ../../server/providers/krb5/krb5_auth.c:1127 No locals. #6 0x00007f1637d439c3 in krb5_child_done (req=0x0) at ../../server/providers/krb5/krb5_auth.c:1016 kr = 0x2408780 pd = 0x23ef050 be_req = 0x23ee0d0 ret = 0 buf = 0x240a030 "\021" len = 37 pref_len = 139733402745080 p = 12 msg_status = 0x240a030 msg_type = 0x240a034 msg_len = 0x240a038 pam_status = 17 dp_err = 0 __FUNCTION__ = "krb5_child_done" attrs = 0x7fff75208110 #7 0x00007f1637d417a7 in handle_child_done (subreq=0x0) at ../../server/providers/krb5/krb5_auth.c:655 req = 0x24089f0 state = 0x24015b0 ret = 0 #8 0x00007f1637d057fe in read_pipe_done (ev=0x23c75b0, fde=0x240a190, flags=1, pvt=0x2401230) at ../../server/providers/child_common.c:122 size = 0 req = 0x2401230 state = 0x24013a0 __FUNCTION__ = "read_pipe_done" #9 0x0000003421605556 in epoll_event_loop (tvalp=<value optimized out>, std_ev=0x23c7670) at tevent_standard.c:309 fde = <value optimized out> flags = <value optimized out> ret = 1 i = <value optimized out> events = {{events = 16, data = {ptr = 0x240a190, fd = 37790096, u32 = 37790096, u64 = 37790096}}} timeout = <value optimized out> #10 std_event_loop_once (tvalp=<value optimized out>, std_ev=0x23c7670) at tevent_standard.c:544 tval = {tv_sec = 5, tv_usec = 535887} #11 0x0000003421602780 in _tevent_loop_once (ev=0x23c75b0, location=0x4470b8 "../../server/util/server.c:428") at tevent.c:490 ret = <value optimized out> nesting_stack_ptr = 0x0 #12 0x00000034216027fb in tevent_common_loop_wait (ev=0x23c75b0, location=0x4470b8 "../../server/util/server.c:428") at tevent.c:591 ret = <value optimized out> #13 0x0000000000438b38 in server_loop (main_ctx=0x23c76e0) at ../../server/util/server.c:428 No locals. #14 0x000000000040dd3b in main (argc=7, argv=0x7fff75208638) at ../../server/providers/data_provider_be.c:1188 opt = -1 pc = 0x23c6030 be_domain = 0x23c64f0 "sgallagh" srv_name = 0x23c60f0 "sssd[be[sgallagh]]" conf_entry = 0x23c6160 "config/domain/sgallagh" main_ctx = 0x23c76e0 ret = 0 long_options = {{longName = 0x0, shortName = 0 '\000', argInfo = 4, arg = 0x64c9e0, val = 0, descrip = 0x43c9a7 "Help options:", argDescrip = 0x0}, {longName = 0x43c9b5 "debug-level", shortName = 100 'd', argInfo = 2, arg = 0x64cac0, val = 0, descrip = 0x43c9c1 "Debug level", argDescrip = 0x0}, {longName = 0x43c9cd "debug-to-files", shortName = 102 'f', argInfo = 0, arg = 0x64cac8, val = 0, descrip = 0x43c9e0 "Send the debug output to files instead of stderr", argDescrip = 0x0}, { longName = 0x43ca11 "debug-timestamps", shortName = 0 '\000', argInfo = 0, arg = 0x64cac4, val = 0, descrip = 0x43ca22 "Add debug timestamps", argDescrip = 0x0}, {longName = 0x43ca37 "domain", shortName = 0 '\000', argInfo = 1, arg = 0x7fff75208510, val = 0, descrip = 0x43ca40 "Domain of the information provider (mandatory)", argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\000', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}} __FUNCTION__ = "main"
Related log file:
(Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): dbus conn: 1C18260 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): Dispatching. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_message_handler] (9): Received SBUS method [ping] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): dbus conn: 1C21370 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): Dispatching. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [be_get_account_info] (4): Got request for [1][core][name=user2] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=user2)(objectclass=posixAccount))][cn=accounts,dc=sgallagh,dc=example,dc=com]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [objectClass] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [uid] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [userPassword] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [uidNumber] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [gidNumber] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [gecos] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [homeDirectory] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [loginShell] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPrincipalName] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [cn] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [memberOf] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [nsUniqueId] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowLastChange] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMin] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMax] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowWarning] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowInactive] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowExpire] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowFlag] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [krbLastPwdChange] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPasswordExpiration] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (7): Requesting attrs: [pwdAttribute] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_send] (8): ldap_search_ext called, msgid = 9 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_process_result] (8): Trace: sh[0x1c26ce0], connected[1], ops[0x1c42bc0], fde[0x1c31920], ldap[0x1c276c0] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_parse_entry] (9): OriginalDN: [uid=user2,cn=users,cn=accounts,dc=sgallagh,dc=example,dc=com]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_process_result] (8): Trace: sh[0x1c26ce0], connected[1], ops[0x1c42bc0], fde[0x1c31920], ldap[0x1c276c0] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_generic_done] (6): Search result: Success(0), (null) (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_users_process] (6): Search for users, returned 1 results. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_process_result] (8): Trace: sh[0x1c26ce0], connected[1], ops[(nil)], fde[0x1c31920], ldap[0x1c276c0] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_process_result] (8): Trace: ldap_result found nothing! (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [ldb] (9): start ldb transaction (nesting: 0) (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_user_send] (9): Save user (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_user_send] (7): Adding original DN [uid=user2,cn=users,cn=accounts,dc=sgallagh,dc=example,dc=com] to attributes of [user2]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_user_send] (7): Adding original memberOf attributes to [user2]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_user_send] (7): Adding user principle [user2@SGALLAGH.EXAMPLE.COM] to attributes of [user2]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_user_send] (6): Storing info for user user2 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_save_users_process] (9): User 0 processed! (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [ldb] (9): commit ldb transaction (nesting: 0) (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sdap_get_users_done] (9): Saving 1 Users - Done (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): dbus conn: 1C21370 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_dispatch] (9): Dispatching. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [sbus_message_handler] (9): Received SBUS method [pamHandler] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [be_pam_handler] (4): Got request with the following data (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): command: 241 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): domain: sgallagh (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): user: user2 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): service: su-l (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): tty: pts/2 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): ruser: sgallagh (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): rhost: (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): authtok type: 1 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): authtok size: 1 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): newauthtok type: 0 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): newauthtok size: 0 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): priv: 0 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): pw_uid: 1101 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): gr_gid: 1002 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [pam_print_data] (4): cli_pid: 13264 (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [get_user_attr_done] (4): No active ccache file for user [user2] found. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [get_user_attr_done] (9): Ccache_file is [FILE:/tmp/krb5cc_1101_XXXXXX] and will be generated. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [fo_resolve_service_send] (4): Trying to resolve service 'IPA' (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [get_server_status] (7): Status of server 'vm-094.idm.lab.bos.redhat.com' is 'working' (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [get_port_status] (7): Port status of port 0 for server 'vm-094.idm.lab.bos.redhat.com' is 'working' (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [get_server_status] (7): Status of server 'vm-094.idm.lab.bos.redhat.com' is 'working' (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [be_resolve_server_done] (4): Found address for server vm-094.idm.lab.bos.redhat.com: [10.16.78.94] (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [krb5_child_done] (4): child response [17][1][25]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [ipa_auth_handler_callback] (9): received from handler [0] [17] [(null)]. (Thu Dec 17 09:28:35 2009) [sssd[be[sgallagh]]] [ipa_auth_handler_done] (1): Assuming Kerberos password is missing, starting password migration. (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [server_setup] (3): CONFDB: /var/lib/sss/db/config.ldb (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [fo_context_init] (3): Created new fail over context, retry timeout is 30 (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sysdb_domain_init_internal] (5): DB File for sgallagh: /var/lib/sss/db/cache_sgallagh.ldb (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [ldb] (9): trying to load memberof from /usr/lib64/ldb/memberof.so (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [ldb] (6): asq: Unable to register control with rootdse! (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_init_connection] (5): Adding connection B1E260 (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_add_watch] (8): 0xb1d230/0xb1dab0 (15), -/W (enabled) (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_toggle_watch] (8): 0xb1d230/0xb1db00 (15), R/- (disabled) (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [monitor_common_send_id] (4): Sending ID: (%BE_sgallagh,1) (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_add_timeout] (8): 0xb1ea90 (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_toggle_watch] (8): 0xb1d230/0xb1db00 (15), R/- (enabled) (Thu Dec 17 09:28:36 2009) [sssd[be[sgallagh]]] [sbus_toggle_watch] (8): 0xb1d230/0xb1dab0 (15), -/W (disabled)
Commit 66e4134 disables the password migration code. It will be rewritten in SSSD 1.1.
fixedin: => 1.0.0 resolution: => fixed status: new => closed
Fields changed
rhbz: => 0
Metadata Update from @sgallagh: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1384
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.