sssd used to inform about password change in offline mode
sh$ passwd puser1
Changing password for user puser1.
System is offline, password change not possible
passwd: Authentication token manipulation error
The pam error code should be 9 and not 6
sssd.conf is minimal
[sssd]
services = nss, pam
domains = LDAP

[nss]

[pam]

[domain/LDAP]
id_provider = ldap
ldap_uri = ldaps://$SERVER
ldap_search_base = $DS_BASE_DN
ldap_tls_cacert = /etc/openldap/certs/cacert.asc

Reproducer:
Expected result:
sh# grep -E "pam_dp|pam_print_data" /var/log/sssd/sssd_pam.log
[sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK_PRELIM
[sssd[pam]] [pam_print_data] (0x0100): domain: not set
[sssd[pam]] [pam_print_data] (0x0100): user: puser1
[sssd[pam]] [pam_print_data] (0x0100): service: passwd
[sssd[pam]] [pam_print_data] (0x0100): tty: pts/0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 15559
[sssd[pam]] [pam_print_data] (0x0100): logon name: puser1
[sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
[sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK_PRELIM
[sssd[pam]] [pam_print_data] (0x0100): domain: LDAP
[sssd[pam]] [pam_print_data] (0x0100): user: puser1
[sssd[pam]] [pam_print_data] (0x0100): service: passwd
[sssd[pam]] [pam_print_data] (0x0100): tty: pts/0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 15559
[sssd[pam]] [pam_print_data] (0x0100): logon name: puser1
[sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
[sssd[pam]] [pam_dp_process_reply] (0x0200): received: [9 (Authentication service cannot retrieve authentication info)][LDAP]
Current result:
sh# grep -E "pam_dp|pam_print_data" /var/log/sssd/sssd_pam.log
[sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK_PRELIM
[sssd[pam]] [pam_print_data] (0x0100): domain: not set
[sssd[pam]] [pam_print_data] (0x0100): user: puser1
[sssd[pam]] [pam_print_data] (0x0100): service: passwd
[sssd[pam]] [pam_print_data] (0x0100): tty: pts/0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17140
[sssd[pam]] [pam_print_data] (0x0100): logon name: puser1
[sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
[sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK_PRELIM
[sssd[pam]] [pam_print_data] (0x0100): domain: LDAP
[sssd[pam]] [pam_print_data] (0x0100): user: puser1@ldap
[sssd[pam]] [pam_print_data] (0x0100): service: passwd
[sssd[pam]] [pam_print_data] (0x0100): tty: pts/0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17140
[sssd[pam]] [pam_print_data] (0x0100): logon name: puser1
[sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
[sssd[pam]] [pam_dp_process_reply] (0x0200): received: [6 (Permission denied)][LDAP]
This change was introduced by commit dea636a "DP: Switch to new interface"
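To check a captured sssd_pam.log for this regression, the following added example (not part of the ticket or of SSSD; the function names are hypothetical) pairs each pam_dp_process_reply line with the request forwarded before it and flags SSS_PAM_CHAUTHTOK_PRELIM replies that carry a code other than 9. It assumes the log was captured while the domain was offline; the sample lines are constructed by trimming the two excerpts above.

```python
import re

# Linux-PAM code expected for an offline password change (6 would be PAM_PERM_DENIED).
PAM_AUTHINFO_UNAVAIL = 9

FIELD_RE = re.compile(r"\[pam_print_data\] \(0x[0-9a-f]+\): (command|domain|user|service): (.+)$")
REPLY_RE = re.compile(r"\[pam_dp_process_reply\] \(0x[0-9a-f]+\): received: \[(\d+) \((.*?)\)\]\[(.*?)\]")

def parse_pam_replies(log_text):
    """Pair each pam_dp_process_reply line with the request fields logged before it."""
    records, request, in_request = [], {}, False
    for line in log_text.splitlines():
        if "[pam_dp_send_req]" in line:
            request, in_request = {}, True  # the fields that follow describe the forwarded request
            continue
        field = FIELD_RE.search(line)
        if field and in_request:
            request[field.group(1)] = field.group(2).strip()
        reply = REPLY_RE.search(line)
        if reply:
            records.append({**request, "code": int(reply.group(1)),
                            "message": reply.group(2), "reply_domain": reply.group(3)})
            request, in_request = {}, False
    return records

def offline_chauthtok_regressions(records):
    """Password-change pre-checks answered with a code other than 9 (assumes an offline domain)."""
    return [r for r in records if r.get("command") == "SSS_PAM_CHAUTHTOK_PRELIM"
            and r["code"] != PAM_AUTHINFO_UNAVAIL]

# Constructed samples, trimmed from the "Expected result" and "Current result" excerpts.
REQUEST_LINES = (
    "[sssd[pam]] [pam_print_data] (0x0100): domain: not set\n"
    "[sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:\n"
    "[sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CHAUTHTOK_PRELIM\n"
    "[sssd[pam]] [pam_print_data] (0x0100): domain: LDAP\n"
)
SAMPLE_EXPECTED = REQUEST_LINES + (
    "[sssd[pam]] [pam_print_data] (0x0100): user: puser1\n"
    "[sssd[pam]] [pam_dp_process_reply] (0x0200): received: "
    "[9 (Authentication service cannot retrieve authentication info)][LDAP]\n")
SAMPLE_CURRENT = REQUEST_LINES + (
    "[sssd[pam]] [pam_print_data] (0x0100): user: puser1@ldap\n"
    "[sssd[pam]] [pam_dp_process_reply] (0x0200): received: [6 (Permission denied)][LDAP]\n")

if __name__ == "__main__":
    for name, text in (("expected", SAMPLE_EXPECTED), ("current", SAMPLE_CURRENT)):
        print(name, offline_chauthtok_regressions(parse_pam_replies(text)))
```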
Fields changed
owner: somebody => pcech
status: new => assigned
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1361563
rhbz: => 1361563 (https://bugzilla.redhat.com/show_bug.cgi?id=1361563)
milestone: NEEDS_TRIAGE => SSSD 1.14.1
patch: 0 => 1
master:
resolution: => fixed
status: assigned => closed
Metadata Update from @lslebodn:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.14.1
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: https://github.com/SSSD/sssd/issues/4142
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.