Header Shadow Image

«
»

pam_reply called with result [4]: System error.

So you're trying to login and get these messages on ovirt01 (192.168.0.145) and ipaclient01 (192.168.0.236).  What could be wrong: 

(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2)
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait from ldb_modify with LDB_WAIT_ALL: No such object (32)]
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [sysdb_update_members_ex] (0x0020): Could not add member [tom@mds.xyz] to group [name=tom@mds.xyz,cn=groups,cn=mds.xyz,cn=sysdb]. Skipping.

(Thu Mar 22 23:59:26 2018) [[sssd[krb5_child[3246]]]] [k5c_setup_fast] (0x0020): check_fast_ccache failed.
(Thu Mar 22 23:59:26 2018) [[sssd[krb5_child[3246]]]] [k5c_setup_fast] (0x0020): 2618: [-1765328203][Key table entry not found]
(Thu Mar 22 23:59:26 2018) [[sssd[krb5_child[3246]]]] [privileged_krb5_setup] (0x0040): Cannot set up FAST
(Thu Mar 22 23:59:26 2018) [[sssd[krb5_child[3246]]]] [main] (0x0020): privileged_krb5_setup failed.
(Thu Mar 22 23:59:26 2018) [[sssd[krb5_child[3246]]]] [main] (0x0020): krb5_child failed!

(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [read_pipe_handler] (0x0400): EOF received, client finished

(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [parse_krb5_child_response] (0x0020): message too short.
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [krb5_auth_done] (0x0040): The krb5_child process returned an error. Please inspect the krb5_child.log file or the journal for more information
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [krb5_auth_done] (0x0040): Could not parse child response [22]: Invalid argument
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [check_wait_queue] (0x1000): Wait queue for user [tom@mds.xyz] is empty.
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 22
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [ipa_pam_auth_handler_krb5_done] (0x0040): KRB5 auth failed [22]: Invalid argument
(Thu Mar 22 23:59:26 2018) [sssd[be[nix.mds.xyz]]] [dp_req_done] (0x0400): DP Request [PAM Preauth #2]: Request handler finished [0]: Success

(Thu Mar 22 23:59:26 2018) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][mds.xyz]
(Thu Mar 22 23:59:26 2018) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error.

More intrieguing is that the reverse dig output had two PTR records for one IP and none for the other IP:

[root@ovirt01 network-scripts]# dig -x 192.168.0.145

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.0.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47551
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;145.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
145.0.168.192.in-addr.arpa. 1200 IN     PTR     ovirt01.nix.mds.xyz.
145.0.168.192.in-addr.arpa. 1200 IN     PTR     ipaclient01.nix.mds.xyz.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      NS      idmipa01.nix.mds.xyz.
0.168.192.in-addr.arpa. 86400   IN      NS      idmipa02.nix.mds.xyz.

;; ADDITIONAL SECTION:
idmipa01.nix.mds.xyz.   1200    IN      A       192.168.0.44
idmipa02.nix.mds.xyz.   1200    IN      A       192.168.0.45

;; Query time: 1 msec
;; SERVER: 192.168.0.44#53(192.168.0.44)
;; WHEN: Fri Mar 23 00:04:25 EDT 2018
;; MSG SIZE  rcvd: 192

[root@ovirt01 network-scripts]#

Whilst the other IP had no PTR records returned:

[root@ovirt01 network-scripts]# dig -x 192.168.0.236

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> -x 192.168.0.236
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64699
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;236.0.168.192.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 3600    IN      SOA     idmipa01.nix.mds.xyz. hostmaster.nix.mds.xyz. 1521778151 3600 900 1209600 3600

;; Query time: 1 msec
;; SERVER: 192.168.0.44#53(192.168.0.44)
;; WHEN: Fri Mar 23 00:27:22 EDT 2018
;; MSG SIZE  rcvd: 122

[root@ovirt01 network-scripts]#

Is because I was copying the /etc/sssd/sssd.conf config from one client to the other.  More specifically, I was copying the config from ipaclient01 to ovirt01:

[root@ipaclient01 ~]# grep -Ei ipa_hostname /etc/sssd/sssd.conf
ipa_hostname = ipaclient01.nix.mds.xyz
[root@ipaclient01 ~]#

[root@ovirt01 network-scripts]# grep -Ei ipa_hostname /etc/sssd/sssd.conf
ipa_hostname = ipaclient01.nix.mds.xyz
[root@ovirt01 network-scripts]#

Changing the above quickly resolved my login issue.

Cheers,
TK

This entry was posted on Friday, March 23rd, 2018 at 12:31 am and is filed under NIX Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
     
  Copyright © 2003 - 2025 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License

  

0
Would love your thoughts, please comment.x
()
x
The IT Development and Technology Mini Vault | MicroDevSys.com
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.