Bug #37143
Remove unnecessary pam_sss errors from /var/log/auth.log
Description
Part III
Tested on FreeNAS 11.2-Beta 1 system. Issue in initial bug report is still present.
Jun 18 14:59:34 eye-01 afpd50079: authentication failure; logname=root uid=0 euid=0 tty=afpd ruser=smb_user rhost=10.231.1.24 user=smb_user Jun 18 14:59:42 eye-01 afpd50116: authentication failure; logname=root uid=0 euid=0 tty=afpd ruser=smb_user rhost=10.231.1.24 user=smb_user Jun 18 14:59:45 eye-01 afpd50149: authentication failure; logname=root uid=0 euid=0 tty=afpd ruser=smb_user rhost=10.231.1.24 user=smb_user Jun 18 15:01:45 eye-01 afpd51457: authentication failure; logname=root uid=0 euid=0 tty=afpd ruser=smb_user rhost=10.231.1.24 user=smb_user
Steps to reproduce:
================================================
1) Create local user
2) Create time machine share owned by local user
3) Enable LDAP
4) Configure Time Machine backup on OSX client.
5) Monitor /var/log/auth.log for entries like above.
The issue is still present in 11.2, but was masked by a separate bug related to the generation of the /etc/pam.d/netatalk file.
Initially reported in https://redmine.ixsystems.com/issues/31635
Associated revisions
Bump port revision
Ticket: #37143
Bump port revision
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143
History
#1
Updated by Dru Lavigne about 1 year ago
Updated by Dru Lavigne - Assignee changed from Release Council to John Hixson
#2
Updated by John Hixson about 1 year ago
Updated by John Hixson Fixed. Master PR https://github.com/freenas/ports/pull/121. The last remaining message was one that was being printed out rather login was successful or not. I have made it disappear if quiet is specified or an unknown user tries to login. Maybe the 2nd isn't necessary, but let's be extra paranoid ;-)
#3
Updated by John Hixson about 1 year ago
- Status changed from Unscreened to Ready for Testing
#4
Updated by Dru Lavigne about 1 year ago
- Subject changed from Correct PAM constants for AFP users authenticating as local user in LDAP environment to Remove unnecessary pam_sss errors from /var/log/auth.log
- Target version changed from Backlog to 11.2-BETA2
- Needs Doc changed from Yes to No
- Needs Merging changed from Yes to No
Updated by Bonnie Follweiler #7
Updated by Dru Lavigne 12 months ago
- Status changed from Done to Ready for Testing
- Target version changed from 11.2-BETA2 to 11.1-U6
- Needs QA changed from No to Yes
11.1-stable PR: https://github.com/freenas/ports/pull/126
Make sure pam_sss is quiet when told to be quiet
Ticket: #37143