Vinícius Ferrão wrote:
> Hi guys! Good news.
>
>> On 15 Feb 2021, at 20:11, Rob Crittenden <[email protected]> wrote:
>>
>> Vinícius Ferrão via FreeIPA-users wrote:
>>> Hi Robbie.
>>>
>>>> On 15 Feb 2021, at 18:45, Robbie Harwood <[email protected]> wrote:
>>>>
>>>> Vinícius Ferrão writes:
>>>>
>>>>> [10/Feb/2021:23:05:57.501853962 -0300] conn=92 op=1 RESULT err=49
>>>>> tag=97 nentries=0 etime=0.001927716 - SASL(-1): generic failure:
>>>>> GSSAPI Error: Unspecified GSS failure. Minor code may provide more
>>>>> information (Cannot create replay cache file /var/tmp/ldap_389:
>>>>> Operation not permitted)
>>>>
>>>> Well, this looks suspicious. Any idea why it can't create that?
>>>> SELinux maybe?
>>>
>>> I was suspecting SELinux too, so I’ve issued setenforce 0 to check
>>> if it will work but no success either.
>>
>> What is the mode of /var/tmp?
>
> :)
>
> You figured it out.
>
> For a reason that I don’t know yet - you’ll try to discover why this
> happened - /var/tmp was with UID and GID permissions for a random user:
>
> [root@neumann2 ~]# ls -l /var | grep tmp
> drwxrwxrwt. 7 depaula depaula 4096 Feb 15 21:21 tmp
>
> Since the sticky bit is enabled we got some bizarre things like this:
>
> [root@neumann2 ~]# ls -l /var/tmp/
> total 12
> -rw-------. 1 root root 6 Feb 6 11:21 host_0
> -rw-------. 1 root root 6 Feb 9 19:42 kadmin_0
> -rw-------. 1 depaula depaula 2738 Feb 2 08:36 ldap_389
>
> So yeah. February 2nd matches with the start of the issue.
>
> I’ve immediately stopped IPA, removed the files, fixed the permissions,
> reverted back my /etc/named.conf hack and IPA started without any
> apparent issue.
>
> I was able to properly issue commands after kinit’ing as admin.
>
> Guys, thank you so much. It’s really good to have help from smart guys.

Awesome, great news. Glad you got it working and thanks for closing the
loop.

rob

> Thanks!!!
>
> Best regards,
> Vinicius
>
> PS: Just to confirm:
>
> [root@neumann2 ~]# ipa user-find | head
> ----------------
> 74 users matched
> ----------------
> User login: admin
> Last name: Administrator
> Home directory: /home/admin
> Login shell: /bin/bash
> Principal alias: [email protected]
> UID: 917400000
> GID: 917400000
>
>>
>> rob
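
Added example, not part of the original thread: a POSIX shell audit for the condition found above, a replay-cache directory that is no longer root-owned with mode 1777, or a cache file whose owner does not match its name. The function names are hypothetical, GNU stat is assumed, and the <service>_<uid> naming is an assumption taken from the listing (host_0 and kadmin_0 owned by root).

```sh
# Added example: audit a Kerberos replay-cache directory such as /var/tmp.
# Assumptions: GNU stat; cache files are named <service>_<uid>, so the
# numeric suffix should equal the UID that owns the file.

# audit_dir DIR [EXPECTED_UID]
# DIR must be owned by EXPECTED_UID (default 0, root) and have mode 1777.
# Prints one line per finding; status 0 means clean.
# The ( ) body runs in a subshell, which keeps the variables local.
audit_dir() (
    want_uid=${2:-0}
    rc=0
    uid=$(stat -c %u -- "$1") || exit 2
    mode=$(stat -c %a -- "$1") || exit 2
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD_OWNER $1 uid=$uid expected=$want_uid"
        rc=1
    fi
    if [ "$mode" != "1777" ]; then
        echo "BAD_MODE $1 mode=$mode expected=1777"
        rc=1
    fi
    [ "$rc" -eq 0 ]
)

# audit_rcache_files DIR
# Flags every regular file named <service>_<digits> whose owner UID
# differs from the numeric suffix.
audit_rcache_files() (
    rc=0
    for f in "$1"/*_*; do
        [ -f "$f" ] || continue
        suffix=${f##*_}
        # Skip names that do not end in _<digits>.
        case $suffix in ''|*[!0-9]*) continue ;; esac
        owner=$(stat -c %u -- "$f") || exit 2
        if [ "$owner" != "$suffix" ]; then
            echo "OWNER_MISMATCH $f owner=$owner expected=$suffix"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Audit the directory given on the command line, e.g. /var/tmp.
if [ "$#" -gt 0 ]; then
    status=0
    audit_dir "$1" || status=1
    audit_rcache_files "$1" || status=1
    exit "$status"
fi
```

Run against the state shown in the thread, this would report BAD_OWNER for /var/tmp and OWNER_MISMATCH for ldap_389 if depaula's UID is not 389.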
