@trissylegs
Last active Sep 8, 2021
Kanidm troubleshooting
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unixd] nssaccountbyname req
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:20 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:20Z DEBUG kanidm_unix_common::cache] online expired, refresh cache
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_client::asynchronous] opid -> "186f9f81-31e4-40d2-ab79-88bd2ee9aaf7"
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] delete memberships -> 2
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::db] insert membership -> 1
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] nssaccountbyuid req
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:21 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:21Z DEBUG kanidm_unixd] Disconnecting client ...
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Accepted connection
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] nssaccountbyname req
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] get_usertoken
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] online valid, returning cached item
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unix_common::cache] token -> Some(UnixUserToken { name: "nirya", spn: "nirya@idm.trissyle.gs", displayname: "Triss Healy",>
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Attempting to send response -> NssAccount(Some(NssUser { name: "nirya", gid: 1001, gecos: "Triss Healy", homedir: ">
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] flushed response!
Sep 08 17:15:24 Asuka kanidm_unixd[5983]: [2021-09-08T07:15:24Z DEBUG kanidm_unixd] Disconnecting client ...
#%PAM-1.0
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
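# success=2: when pam_unix accepts the password, skip the next two lines
# (pam_kanidm and pam_faillock authfail).
auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
# sufficient: a pam_kanidm success ends the auth stack here, so pam_env and
# pam_faillock authsucc below do not run for Kanidm logins.
auth sufficient pam_kanidm.so debug ignore_unknown_user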
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
account required pam_unix.so
account optional pam_permit.so
account sufficient pam_kanidm.so debug ignore_unknown_user
account required pam_time.so
password required pam_unix.so try_first_pass nullok shadow sha512
password sufficient pam_kanidm.so debug
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so